secure.winred.com Open in urlscan Pro
2606:4700::6812:9c15 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://e.campaignsvc.com/sOQ/6cOe
Effective URL:
https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_...
Submission: On March 02 via manual (March 2nd 2022, 2:28:57 pm UTC) from US — Scanned from US

Summary HTTP 75 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 37 IPs in 1 countries across 31 domains to perform 75 HTTP transactions. The main IP is 2606:4700::6812:9c15, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure.winred.com. The Cisco Umbrella rank of the primary domain is 73057.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on October 5th 2021. Valid for: a year.

This is the only time secure.winred.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.229.142.66 3.229.142.66	14618 (AMAZON-AES) (AMAZON-AES)
7	2606:4700::68... 2606:4700::6812:9c15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	52.85.61.106 52.85.61.106	16509 (AMAZON-02) (AMAZON-02)
4	2607:f8b0:400... 2607:f8b0:4006:824::200a	15169 (GOOGLE) (GOOGLE)
2	52.85.61.46 52.85.61.46	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:80f::2008	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:820::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:9b15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	54.186.23.98 54.186.23.98	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:402... 2607:f8b0:4023:1404::9b	15169 (GOOGLE) (GOOGLE)
2	142.250.65.226 142.250.65.226	15169 (GOOGLE) (GOOGLE)
1	146.75.36.157 146.75.36.157	54113 (FASTLY) (FASTLY)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	23.54.69.74 23.54.69.74	16625 (AKAMAI-AS) (AKAMAI-AS)
4	151.101.65.44 151.101.65.44	54113 (FASTLY) (FASTLY)
2	54.230.240.249 54.230.240.249	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:220... 2600:9000:2209:9400:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2001:4998:14:... 2001:4998:14:800::1000	14777 (YAHOO) (YAHOO)
2	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
1	151.101.193.108 151.101.193.108	54113 (FASTLY) (FASTLY)
1	2600:141b:13:... 2600:141b:13::17d7:82b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.54.69.53 23.54.69.53	16625 (AKAMAI-AS) (AKAMAI-AS)
2	3.92.67.221 3.92.67.221	14618 (AMAZON-AES) (AMAZON-AES)
2	151.101.192.176 151.101.192.176	54113 (FASTLY) (FASTLY)
1	68.67.179.123 68.67.179.123	29990 (ASN-APPNEX) (ASN-APPNEX)
4	2607:f8b0:400... 2607:f8b0:4006:808::2004	15169 (GOOGLE) (GOOGLE)
2	64.202.112.223 64.202.112.223	23352 (SERVERCEN...) (SERVERCENTRAL)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1 5	35.186.226.184 35.186.226.184	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	76.13.32.146 76.13.32.146	26101 (YAHOO-BF1) (YAHOO-BF1)
1 1	2600:1f18:730... 2600:1f18:730:b110:a3e:d471:8212:592f	14618 (AMAZON-AES) (AMAZON-AES)
1	3.224.47.34 3.224.47.34	14618 (AMAZON-AES) (AMAZON-AES)
1	52.41.18.135 52.41.18.135	16509 (AMAZON-02) (AMAZON-02)
1 2	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
1 2	2600:141b:13:... 2600:141b:13::17d7:82b3	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	107.178.246.49 107.178.246.49	15169 (GOOGLE) (GOOGLE)
1	54.235.30.242 54.235.30.242	14618 (AMAZON-AES) (AMAZON-AES)
2	141.226.224.48 141.226.224.48	200478 (TABOOLA-AS) (TABOOLA-AS)
75	37

1 3.229.142.66 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-229-142-66.compute-1.amazonaws.com

e.campaignsvc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6812:9c15 (United States)

ASN13335 (CLOUDFLARENET, US)

secure.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.85.61.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-106.ewr53.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:824::200a (Queens, United States)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.61.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-46.ewr53.r.cloudfront.net

d35ligi1n5bgzc.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80f::2008 (Queens, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:820::200e (Queens, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:9b15 (United States)

ASN13335 (CLOUDFLARENET, US)

app.revv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.186.23.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-186-23-98.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4023:1404::9b (Columbus, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.65.226 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.36.157 (Reston, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.54.69.74 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-54-69-74.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.65.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.230.240.249 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-240-249.ewr53.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2209:9400:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4998:14:800::1000 (United States)

ASN14777 (YAHOO, US)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13::17d7:82b8 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

rtxpx-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.54.69.53 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-54-69-53.deploy.static.akamaitechnologies.com

s.ntv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.92.67.221 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-92-67-221.compute-1.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.192.176 (United States)

ASN54113 (FASTLY, US)

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.179.123 (Secaucus, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 562.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:808::2004 (Queens, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.223 (Leesburg, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.186.226.184 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 184.226.186.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.13.32.146 (Lockport, United States)

ASN26101 (YAHOO-BF1, US)
PTR: spdc.pbp.vip.bf1.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:730:b110:a3e:d471:8212:592f (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.224.47.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-47-34.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.41.18.135 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-41-18-135.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:821::2002 (Queens, United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:13::17d7:82b3 (New York, United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

stickyid-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.246.49 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.235.30.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-235-30-242.compute-1.amazonaws.com

rtclx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.226.224.48 (United States)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	winred.com secure.winred.com — Cisco Umbrella Rank: 73057	233 KB
6	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 971 trc.taboola.com — Cisco Umbrella Rank: 562 trc-events.taboola.com — Cisco Umbrella Rank: 1670	27 KB
6	stripe.com js.stripe.com — Cisco Umbrella Rank: 894 q.stripe.com — Cisco Umbrella Rank: 5856 m.stripe.com — Cisco Umbrella Rank: 854	77 KB
5	snapchat.com 1 redirects tr.snapchat.com — Cisco Umbrella Rank: 955	1 KB
4	google.com www.google.com — Cisco Umbrella Rank: 2	736 B
4	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 68 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38	3 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
4	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 316	171 KB
3	akamaihd.net 1 redirects rtxpx-a.akamaihd.net — Cisco Umbrella Rank: 67572 stickyid-a.akamaihd.net — Cisco Umbrella Rank: 63979	32 KB
3	liadm.com 1 redirects b-code.liadm.com — Cisco Umbrella Rank: 3295 rp.liadm.com — Cisco Umbrella Rank: 2578 rp4.liadm.com — Cisco Umbrella Rank: 11187	12 KB
3	outbrain.com amplify.outbrain.com — Cisco Umbrella Rank: 1897 tr.outbrain.com — Cisco Umbrella Rank: 1782	4 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 338	12 KB
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 365	886 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 96	424 B
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 948	17 KB
2	postrelease.com jadserve.postrelease.com — Cisco Umbrella Rank: 935	1 KB
2	adnxs.com acdn.adnxs.com — Cisco Umbrella Rank: 523 ib.adnxs.com — Cisco Umbrella Rank: 205	4 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 124	114 KB
2	yimg.com s.yimg.com — Cisco Umbrella Rank: 394	7 KB
2	sc-static.net sc-static.net — Cisco Umbrella Rank: 1102	13 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 101	16 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	147 KB
2	cloudfront.net d35ligi1n5bgzc.cloudfront.net	208 KB
1	rtclx.com rtclx.com — Cisco Umbrella Rank: 15568	663 B
1	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 779	714 B
1	t.co t.co — Cisco Umbrella Rank: 448	336 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 464	456 B
1	ntv.io s.ntv.io — Cisco Umbrella Rank: 3112	115 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 531	6 KB
1	revv.co app.revv.co — Cisco Umbrella Rank: 116253	1 KB
1	campaignsvc.com 1 redirects e.campaignsvc.com	179 B
75	31

	Domain	Requested by
7	secure.winred.com	secure.winred.com
5	tr.snapchat.com	1 redirects sc-static.net secure.winred.com
4	www.google.com	secure.winred.com
4	www.google-analytics.com	secure.winred.com www.google-analytics.com
4	maps.googleapis.com	secure.winred.com maps.googleapis.com
3	cdn.taboola.com	www.googletagmanager.com cdn.taboola.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com secure.winred.com
3	js.stripe.com	secure.winred.com js.stripe.com
2	trc-events.taboola.com	cdn.taboola.com
2	pixel.tapad.com	2 redirects
2	stickyid-a.akamaihd.net	1 redirects secure.winred.com
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	www.facebook.com	secure.winred.com
2	tr.outbrain.com	amplify.outbrain.com secure.winred.com
2	m.stripe.network	js.stripe.com m.stripe.network
2	jadserve.postrelease.com	secure.winred.com s.ntv.io
2	connect.facebook.net	secure.winred.com connect.facebook.net
2	s.yimg.com	secure.winred.com s.yimg.com
2	sc-static.net	www.googletagmanager.com tr.snapchat.com
2	www.googleadservices.com	www.googletagmanager.com www.googleadservices.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	q.stripe.com	secure.winred.com
2	www.googletagmanager.com	secure.winred.com
2	d35ligi1n5bgzc.cloudfront.net	secure.winred.com
1	rtclx.com	rtxpx-a.akamaihd.net
1	m.stripe.com	m.stripe.network
1	rp4.liadm.com	secure.winred.com
1	rp.liadm.com	1 redirects
1	sp.analytics.yahoo.com	secure.winred.com
1	t.co	secure.winred.com
1	analytics.twitter.com	static.ads-twitter.com
1	trc.taboola.com	cdn.taboola.com
1	ib.adnxs.com	secure.winred.com
1	s.ntv.io	secure.winred.com
1	rtxpx-a.akamaihd.net	secure.winred.com
1	acdn.adnxs.com	secure.winred.com
1	b-code.liadm.com	www.googletagmanager.com
1	amplify.outbrain.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	app.revv.co	secure.winred.com
1	e.campaignsvc.com	1 redirects
75	41

This site contains links to these domains. Also see Links.

Domain
winred.com
bit.ly
www.nrsc.org

Subject Issuer	Validity	Valid
www.winred.com DigiCert SHA2 Extended Validation Server CA	`2021-10-05` - `2022-10-26`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2022-01-26` - `2022-05-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.revv.co DigiCert SHA2 Secure Server CA	`2021-10-05` - `2022-09-16`	a year	crt.sh
*.stripe.com DigiCert SHA2 Secure Server CA	`2021-09-08` - `2022-09-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-12-22` - `2022-06-22`	6 months	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2021-05-25` - `2022-06-01`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
sc-static.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-27` - `2023-01-27`	a year	crt.sh
*.liadm.com Amazon	`2022-01-31` - `2023-03-01`	a year	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-31` - `2022-03-23`	2 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-12-09` - `2022-03-09`	3 months	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
a248.e.akamai.net DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.ntv.io DigiCert SHA2 Secure Server CA	`2021-12-04` - `2022-12-06`	a year	crt.sh
*.postrelease.com Amazon	`2021-12-28` - `2023-01-25`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
tr.snapchat.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-13` - `2023-01-13`	a year	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-11` - `2022-05-04`	4 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
1p1eqpotato.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-15` - `2022-03-24`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Frame ID: 0653A2DCB302B9092180F1BD6C4BDEFE
Requests: 64 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-ce3cdfac755a319f13136d294df99983.html
Frame ID: 6C0B11B70801059D3BF873FF05D526AD
Requests: 3 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 6D16CAFB9D4AD8931A08B75F2D42807A
Requests: 4 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=db23cbdb-20db-44d4-b6a5-07bc2f403227
Frame ID: A59887D3EE0886FF5B3EF7A2C3702054
Requests: 2 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/p?rand=1646229434350&pnid=140&pcid=62264dd9-dd8c-49df-9060-9027a77e1df3
Frame ID: DEEEA7FAC1CA315DFD49CA0AA73720A8
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: BCD8EFC9ED9654F8B2303935FBB5FEC4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BIDEN HARRIS APPROVAL POLL

Page URL History Show full URLs

https://e.campaignsvc.com/sOQ/6cOe HTTP 307
https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_c... Page URL

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

Page Statistics

75
Requests

96 %
HTTPS

40 %
IPv6

31
Domains

41
Subdomains

37
IPs

1
Countries

1239 kB
Transfer

3745 kB
Size

46
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://winred.com/terms/donor-terms/
Title: terms of use

Search URL Search Domain Scan URL

URL: https://winred.com/privacy
Title: privacy policy

Search URL Search Domain Scan URL

URL: https://bit.ly/2Xax3XL
Title: https://action.nrsc.org/petition/mobile-messaging-terms-conditions/

Search URL Search Domain Scan URL

URL: https://www.nrsc.org/privacy-policy/
Title: https://www.nrsc.org/privacy-policy/

Search URL Search Domain Scan URL

URL: https://winred.com/
Title: Powered by

Search URL Search Domain Scan URL

URL: https://winred.com/about-our-ads/
Title: About Our Ads

Search URL Search Domain Scan URL

URL: https://winred.com/support/
Title: Questions about your charge? Go to our Support Center

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://e.campaignsvc.com/sOQ/6cOe HTTP 307
https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 59

https://rp.liadm.com/j?dtstmp=1646231330992&aid=a-00r9&se=e30&duid=5fe568a6c8fd--01fx5gh7ymgwv4nyhe9q2eyvc7&tna=v2.3.0&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&wpn=lc-bundle&c=PHRpdGxlPkJJREVOIEhBUlJJUyBBUFBST1ZBTCBQT0xMPC90aXRsZT48bWV0YSBjb250ZW50PSI8cCBzdHlsZT0mcXVvdDt0ZXh0LWFsaWduOiBjZW50ZXI7JnF1b3Q7PjxzcGFuIHN0eWxlPSZxdW90O2JhY2tncm91bmQtY29sb3I6ICNmMWM0MGY7JnF1b3Q7PjxzdHJvbmc-PHNwYW4gc3R5bGU9JnF1b3Q7Zm9udC1zaXplOiAyNHB0OyBmb250LWZhbWlseTogdGFob21hLCBhcmlhbCwgaGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZjFjNDBmOyZxdW90Oz5UQUtFIFRIRSBQT0xMPC9zcGFuPjwvc3Ryb25nPjwvc3Bhbj48L3A-CjxwIHN0eWxlPSZxdW90O3RleHQtYWxpZ246IGNlbnRlcjsmcXVvdDs-PHN0cm9uZz48c3BhbiBzdHlsZT0mcXVvdDtmb250LXNpemU6IDI0cHQ7IGZvbnQtZmFtaWx5OiB0YWhvbWEsIGFyaWFsLCBoZWx2ZXRpY2EsIHNhbnMtc2VyaWY7JnF1b3Q7PkRvIHlvdSBzdXBwb3J0IEpvZSBCaWRlbiBhbmQgS2FtYWxhIEhhcnJpcz88L3NwYW4-PC9zdHJvbmc-PC9wPiIgbmFtZT0iZGVzY3JpcHRpb24iPg HTTP 302
https://rp4.liadm.com/j?dtstmp=1646231330992&aid=a-00r9&se=e30&duid=5fe568a6c8fd--01fx5gh7ymgwv4nyhe9q2eyvc7&tna=v2.3.0&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&wpn=lc-bundle&c=PHRpdGxlPkJJREVOIEhBUlJJUyBBUFBST1ZBTCBQT0xMPC90aXRsZT48bWV0YSBjb250ZW50PSI8cCBzdHlsZT0mcXVvdDt0ZXh0LWFsaWduOiBjZW50ZXI7JnF1b3Q7PjxzcGFuIHN0eWxlPSZxdW90O2JhY2tncm91bmQtY29sb3I6ICNmMWM0MGY7JnF1b3Q7PjxzdHJvbmc-PHNwYW4gc3R5bGU9JnF1b3Q7Zm9udC1zaXplOiAyNHB0OyBmb250LWZhbWlseTogdGFob21hLCBhcmlhbCwgaGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZjFjNDBmOyZxdW90Oz5UQUtFIFRIRSBQT0xMPC9zcGFuPjwvc3Ryb25nPjwvc3Bhbj48L3A-CjxwIHN0eWxlPSZxdW90O3RleHQtYWxpZ246IGNlbnRlcjsmcXVvdDs-PHN0cm9uZz48c3BhbiBzdHlsZT0mcXVvdDtmb250LXNpemU6IDI0cHQ7IGZvbnQtZmFtaWx5OiB0YWhvbWEsIGFyaWFsLCBoZWx2ZXRpY2EsIHNhbnMtc2VyaWY7JnF1b3Q7PkRvIHlvdSBzdXBwb3J0IEpvZSBCaWRlbiBhbmQgS2FtYWxhIEhhcnJpcz88L3NwYW4-PC9zdHJvbmc-PC9wPiIgbmFtZT0iZGVzY3JpcHRpb24iPg&i6=MmEwZDo1NjAwOjI0OjE1MDA6MTAxMjpiYTJkOmQxZTQ6YWUxMg%3D%3D&n3pc=true

Request Chain 63

https://stickyid-a.akamaihd.net/id?o=https%3A%2F%2Fsecure.winred.com HTTP 302
https://stickyid-a.akamaihd.net/id?cc=1&o=https%3A%2F%2Fsecure.winred.com

Request Chain 65

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/855967303/?random=658602457&cv=9&fst=1646231331032&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg2s0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&tiba=BIDEN%20HARRIS%20APPROVAL%20POLL&auid=1278583122.1646231330&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=I38fYoaTC4K4yQOT1LTQBg&sscte=1&crd=&eitems=ChEIgMj8kAYQkY3kspnwzZXRARIdACLcoC_9L-ElJ_IdFyri89tB4l1XcDXjZHLMe5k HTTP 302
https://www.google.com/pagead/1p-conversion/855967303/?random=658602457&cv=9&fst=1646231331032&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg2s0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&tiba=BIDEN%20HARRIS%20APPROVAL%20POLL&auid=1278583122.1646231330&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=I38fYoaTC4K4yQOT1LTQBg&eitems=ChEIgMj8kAYQkY3kspnwzZXRARIdACLcoC-o7XbNfpgzPY3vW6mmOn7IRpPGSHCY3-o&random=833475785&resp=GooglemKTybQhCsO

Request Chain 66

https://tr.snapchat.com/cm/s?bt=__LIVE__&pnid=140&cb=1646231331204 HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1646229434350%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1646229434350%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://tr.snapchat.com/cm/p?rand=1646229434350&pnid=140&pcid=62264dd9-dd8c-49df-9060-9027a77e1df3

75 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request biden-harris-approval-sa-db Show response
secure.winred.com/nrsc/
Redirect Chain

https://e.campaignsvc.com/sOQ/6cOe
https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na

18 KB
7 KB

289ms
60ms

Document
text/html

2606:4700::6812:9c15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9c15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73560bfbf3e06ea1dd034a3ca2aaf18c143b609b2f432f7c9dc590a894f02f42

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

date: Wed, 02 Mar 2022 14:28:49 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
x-revv-cache: Hit from Revv
x-request-id: 641bdc96-1a6e-496b-a92c-26854e33dc46
x-runtime: 0.017029
x-rack-cors: miss; no-origin
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6e5ad233abc51a0f-EWR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
content-length: 0
date: Wed, 02 Mar 2022 14:28:49 GMT

GET
H2 200 / Show response
js.stripe.com/v3/ 279 KB
73 KB 67ms
7ms Script
application/javascript 52.85.61.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.85.61.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-85-61-106.ewr53.r.cloudfront.net

Software

Cloudfront /

Resource Hash

4ff561e39e8169bb42d5431839780390b82e95c851dd1c6be195f9339eab64f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 2
x-cache: Hit from cloudfront
date: Wed, 02 Mar 2022 14:28:49 GMT
via: 1.1 2ba01a121d51ee735a8dde7a86ed73b6.cloudfront.net (CloudFront)
last-modified: Tue, 01 Mar 2022 20:04:03 GMT
server: Cloudfront
etag: W/"614b359080026f88501a3d5de6f9a2cb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: EWR53-P1
timing-allow-origin: *
x-amz-cf-id: 0nvYGX3UKO78E5jI20ymY0_OSULxv0K_UbQwcoKIN0f-aSSTHv5WQA==

GET
H2 200 landing_page-042aeaab4cd016f542d1c7661d8793be9cb8f12180baf4823ef715a030b30751.css
secure.winred.com/assets/ 217 KB
34 KB 36ms
35ms Stylesheet
text/css 2606:4700::6812:9c15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/landing_page-042aeaab4cd016f542d1c7661d8793be9cb8f12180baf4823ef715a030b30751.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9c15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

325626e5a0d6feaed002bf86ca081e947a201b18692bae00aab06e7b23537309

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6362
cf-polished: origSize=225753
last-modified: Thu, 03 Feb 2022 01:33:32 GMT
strict-transport-security: max-age=0; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 9GM32CYPRR76Z06G
x-amz-id-2: 9lOazJc5jIAAE7oAg1pFla3+rmkqIguY8roS0YnfXrB5n5/Bcb2YD69nFoa37wHTWxTOZLI0geE=
cf-bgj: minify
server: cloudflare
etag: W/"b9b0a06e5252fd065b0a96153d58c5e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
x-amz-version-id: Mu4DneAVgYTxP8CI7_GWlNU0_1P2rgpR
cf-ray: 6e5ad2343d0b1a0f-EWR
expires: Wed, 02 Mar 2022 18:28:49 GMT

GET
H2 200 1643230144.css
secure.winred.com/stylesheets/rv_page_01frnnavx8rxdz1pj6t1f4gr5e/ 7 KB
2 KB 26ms
25ms Stylesheet
text/css 2606:4700::6812:9c15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/stylesheets/rv_page_01frnnavx8rxdz1pj6t1f4gr5e/1643230144.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9c15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e614e0eaf2807ddf8bd70f6cbf039338ea4eebe5277cc8956e1225f505bf6c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Wed, 02 Mar 2022 14:28:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3001182
cf-polished: origSize=7158
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: aebcf9c4-afa1-4b3a-8630-9f2f71c4e213
x-runtime: 0.029578
expires: Thu, 02 Mar 2023 20:18:01 GMT
last-modified: Wed, 26 Jan 2022 20:49:07 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=31556952
cf-ray: 6e5ad2343d0e1a0f-EWR
cf-bgj: minify

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 159 KB
52 KB 47ms
32ms Script
text/javascript 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

34dbdac6d554aed34c134394c93c3f4ed39accb9ed153abe9895f6b6d1c7bbb7

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: gzip
vary: Accept-Language
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52834
x-xss-protection: 0
expires: Wed, 02 Mar 2022 14:58:50 GMT

GET
H2 200 application-landing-page-bce7a02820776c838a4d8d582967b7de1ea4672c113ee8495d074b328fc05268.js Show response
secure.winred.com/assets/ 614 KB
173 KB 32ms
31ms Script
application/javascript 2606:4700::6812:9c15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/application-landing-page-bce7a02820776c838a4d8d582967b7de1ea4672c113ee8495d074b328fc05268.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9c15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44937d2b1f36d2962e30ca860e2367179210a22f56d90ea7b439d6aff0b67dce

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 928
cf-polished: origSize=628991
last-modified: Thu, 17 Feb 2022 01:47:09 GMT
strict-transport-security: max-age=0; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: DSTJGJ4R0RD71Q6H
x-amz-id-2: ibDWOdIpu1Ek4ZNM0/qSfD6ZpKM+qPKLA8FEnwBX4m+5RjbdEjou58bk5HEtAd39iNBkda0Bpbw=
cf-bgj: minify
server: cloudflare
etag: W/"769aba082ad008db74dd1573d8b18318"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
x-amz-version-id: V79_PopCA.DTSRlvTzhFkS6zD6PAqwmX
cf-ray: 6e5ad2343d101a0f-EWR
expires: Wed, 02 Mar 2022 18:28:49 GMT

GET
H2 200 api.js Show response
secure.winred.com/cdn-cgi/bm/cv/669835187/ 35 KB
9 KB 10ms
9ms Script
text/javascript 2606:4700::6812:9c15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/bm/cv/669835187/api.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9c15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains
content-type: text/javascript
vary: Accept-Encoding
cache-control: max-age=604800, public
cf-ray: 6e5ad234be0b1a0f-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 nrsc.png
d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/000/012/097/large/ 4 KB
4 KB 40ms
3ms Image
image/png 52.85.61.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/logos/logo_assets/000/012/097/large/nrsc.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-46.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f9a09994dd656fee35a10a641b86c3c38de9b0741e16a2151d604251c5886f93

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: xj10w3zaab9GcEc.9NO3FYksvRIoSEHg
via: 1.1 c22d4946ef5faea12b8d3942ceb9259a.cloudfront.net (CloudFront)
etag: "fa542c482c102c32289bca8547cb14b8"
last-modified: Sat, 17 Jul 2021 20:19:36 GMT
server: AmazonS3
age: 60216
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/png
date: Tue, 01 Mar 2022 21:45:15 GMT
x-amz-cf-pop: EWR53-P1
accept-ranges: bytes
content-length: 4071
x-amz-cf-id: JsOQWfFWdx-HgF7DEHJzTAJl4bh20o5aBIsjZ6NhMY6QdD0gNKLXyg==

GET
H3 200 win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg
secure.winred.com/assets/ 19 KB
8 KB 45ms
43ms Image
image/svg+xml 2606:4700::6812:9c15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:9c15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4995
content-type: image/svg+xml
strict-transport-security: max-age=0; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: PGJ322Z9P533Z96P
x-amz-id-2: R42QyFP8hynsmbi5rs+1EGG4rQx/5dVfF4Gye2AkQBuIuUcX4KXPi3uXLg9Gu1AWsXD9xSfBPB4=
last-modified: Sun, 01 Aug 2021 04:38:40 GMT
server: cloudflare
etag: W/"d31530d4186af669daf4f47099614593"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Mx.E1m3nz1bm4vsF8Q.JawodiIk.JRm8
cache-control: public, max-age=14400
cf-ray: 6e5ad2353fbb1a2c-EWR
expires: Wed, 02 Mar 2022 18:28:50 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 283 KB
66 KB 41ms
20ms Script
application/javascript 2607:f8b0:4006:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dc85a91ac58ed33e8fcab2ceb0d2a871add7c29d9793f17d9150769dc2584c09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67091
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 02 Mar 2022 14:28:50 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 244 KB
81 KB 41ms
21ms Script
application/javascript 2607:f8b0:4006:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f7cf1784962e2b6bb05ab1c53dc98797b37d2c3f99f085c0c82a5a61b01de9aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 82441
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 02 Mar 2022 14:28:50 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 28ms
8ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6471
date: Wed, 02 Mar 2022 12:40:59 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 02 Mar 2022 14:40:59 GMT

GET
H2 200 NRSC_Web_DrainTheSwamp_1920x1080_v1_%282%29.jpg
d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/060/570/large/ 203 KB
203 KB 41ms
6ms Image
image/jpeg 52.85.61.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/060/570/large/NRSC_Web_DrainTheSwamp_1920x1080_v1_%282%29.jpg
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/stylesheets/rv_page_01frnnavx8rxdz1pj6t1f4gr5e/1643230144.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-46.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 471d2300ffb17de09dad1d15611b9884d8640e16488368c9d37ee7b528520c13

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 02 Mar 2022 06:29:10 GMT
via: 1.1 c22d4946ef5faea12b8d3942ceb9259a.cloudfront.net (CloudFront)
last-modified: Sun, 18 Jul 2021 18:14:08 GMT
server: AmazonS3
age: 28781
etag: "58511aa7d4370a5a2f49fb5ed9b82b6a"
x-cache: Hit from cloudfront
x-amz-version-id: 387fCzTOPLK.FIwrkxSnhm2ivW41YBn9
x-amz-cf-pop: EWR53-P1
accept-ranges: bytes
content-type: image/jpeg
content-length: 207541
x-amz-cf-id: XCZXwQlB1WEd48H0IIZd5VFA5XFN5fy9otumNM0_TLa3YVrHhSIsiA==

GET
H2 200 m-outer-ce3cdfac755a319f13136d294df99983.html Show response
js.stripe.com/v3/ Frame 6C0B 240 B
962 B 4ms
4ms Document
text/html 52.85.61.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-ce3cdfac755a319f13136d294df99983.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.85.61.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-85-61-106.ewr53.r.cloudfront.net

Software

Cloudfront /

Resource Hash

39274d16fe03d66d8a425007eeb00f2d51496db71e847a0940a1b3ae12c42fed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/

Response headers

content-type: text/html; charset=utf-8
content-length: 240
last-modified: Mon, 28 Feb 2022 20:02:46 GMT
accept-ranges: bytes
server: Cloudfront
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-security-policy: default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report
timing-allow-origin: *
date: Wed, 02 Mar 2022 14:12:51 GMT
cache-control: max-age=31536000
etag: "ce3cdfac755a319f13136d294df99983"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2ba01a121d51ee735a8dde7a86ed73b6.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-P1
x-amz-cf-id: P55iug5Rgk6ugeb_0Sd_4Z81RaDIM2xx7CdsQ7s_4ML0M0uA-Cwhqw==
age: 959

GET
H2 200 current_with_info Show response
app.revv.co/api/v3/users/ 162 B
1 KB 280ms
79ms XHR
application/vnd.api+json 2606:4700::6812:9b15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.revv.co/api/v3/users/current_with_info?organization_token=rv_org_6KNvU36Z2qWJ2gfUBWqGZGoc&redirect=https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-bce7a02820776c838a4d8d582967b7de1ea4672c113ee8495d074b328fc05268.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:9b15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

912c15d801ad681baa7cb15aab57213bda47c690830387a380544ee606c31dbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.winred.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-rack-cors-original-access-control-allow-origin: https://secure.winred.com
date: Wed, 02 Mar 2022 14:28:50 GMT
x-rack-cors-original-access-control-max-age: 0
x-rack-cors-original-access-control-allow-credentials: true
cf-cache-status: DYNAMIC
x-rack-cors-original-access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 0
x-rack-cors-original-access-control-expose-headers
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: c041ae61-0b47-4155-995e-68958c6c52a8
x-runtime: 0.007811
server: cloudflare
etag: W/"912c15d801ad681baa7cb15aab57213b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/vnd.api+json
access-control-allow-origin: https://secure.winred.com
vary: Origin
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6e5ad2371c6e8c21-EWR
x-rack-cors: hit
x-content-type-options: nosniff
access-control-expose-headers

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 77ms
45ms XHR
application/json 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://secure.winred.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 6C0B 0
357 B 256ms
76ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://q.stripe.com/csp-report
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ip-54-186-23-98.stripe.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://js.stripe.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
server: nginx
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
x-envoy-upstream-service-time: 0
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
content-length: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 68ms
36ms XHR
text/plain 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=199524727&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&ul=en-us&de=UTF-8&dt=BIDEN%20HARRIS%20APPROVAL%20POLL&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1743861906&gjid=1392678782&cid=295355616.1646231330&tid=UA-23419263-1&_gid=566896298.1646231330&_r=1&_slc=1&z=720196515

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m-outer-67740208de0918bdf73920776d3deaed.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 6C0B 1 KB
1 KB 5ms
4ms Script
application/javascript 52.85.61.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-67740208de0918bdf73920776d3deaed.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-ce3cdfac755a319f13136d294df99983.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.85.61.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-85-61-106.ewr53.r.cloudfront.net

Software

Cloudfront /

Resource Hash

990a970d0b13f02acfecc901ef01c6d8fd87b05fbb7173e2a1ecb5ffbc3ef514

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://js.stripe.com/v3/m-outer-ce3cdfac755a319f13136d294df99983.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 34
x-cache: Hit from cloudfront
date: Wed, 02 Mar 2022 14:28:17 GMT
via: 1.1 2ba01a121d51ee735a8dde7a86ed73b6.cloudfront.net (CloudFront)
last-modified: Mon, 28 Feb 2022 20:03:13 GMT
server: Cloudfront
etag: W/"d0c7e21ec457b6a134a496f107c3ca93"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-pop: EWR53-P1
timing-allow-origin: *
x-amz-cf-id: brszaZOKY34PQo4NZUjx6A83gX1YpT84oPRbKY8mPhjABItQZmH8lg==

POST
H3 204 result Show response
secure.winred.com/cdn-cgi/bm/cv/ 0
494 B 21ms
21ms XHR
text/plain 2606:4700::6812:9c15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/cdn-cgi/bm/cv/result?req_id=6e5ad233abc51a0f

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/cdn-cgi/bm/cv/669835187/api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:9c15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
date: Wed, 02 Mar 2022 14:28:50 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-ray: 6e5ad2377b281a2c-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
68 B 212ms
31ms XHR
text/plain 2607:f8b0:4023:1404::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-73658561-7&cid=295355616.1646231330&jid=2089135714&gjid=1354658495&_gid=566896298.1646231330&_u=aGDAiEABBAAAAG~&z=1416731120

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4023:1404::9b Columbus, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 02 Mar 2022 14:28:50 GMT
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 4ms
3ms Image
image/gif 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=199524727&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&ul=en-us&de=UTF-8&dt=BIDEN%20HARRIS%20APPROVAL%20POLL&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAiEABBAAAAC~&jid=2089135714&gjid=1354658495&cid=295355616.1646231330&tid=UA-73658561-7&_gid=566896298.1646231330&gtm=2wg2s0NTQZ9N&cd61=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&z=184281896

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:46:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 67364
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 3ms
3ms Image
image/gif 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=199524727&t=event&ni=0&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&ul=en-us&de=UTF-8&dt=BIDEN%20HARRIS%20APPROVAL%20POLL&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=petition%20landing%20page&ea=user%20session%20start&el=landing%20page%20settings&_u=aGDAiEABBAAAAG~&jid=&gjid=&cid=295355616.1646231330&tid=UA-73658561-7&_gid=566896298.1646231330&gtm=2wg2s0NTQZ9N&cd41=anonymous&cd58=f&cd61=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&z=1161261119

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Mar 2022 19:46:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 67364
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 308ms
141ms Script
text/javascript 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

cae0ae2d67aac89367108586ebd25e00afc5d0f8110e6eb71b8d274037f7a5d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14884
x-xss-protection: 0
server: cafe
etag: 16747055602125368176
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 02 Mar 2022 14:28:50 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 173ms
8ms Script
application/javascript 146.75.36.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.36.157 Reston, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: gzip
last-modified: Sat, 05 Feb 2022 01:07:27 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kcgs7200049-IAD

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 184ms
22ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 91A55873E4A04B29AD751FC616ACC67A Ref B: EWR30EDGE0108 Ref C: 2022-03-02T14:28:50Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11333

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 8 KB
3 KB 163ms
5ms Script
application/x-javascript 23.54.69.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.54.69.74 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-54-69-74.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7e8ef05a55eafab5277e6449520107db94dfb01b497a52f283e7ffa6ee49363d

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 14:28:50 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Feb 2022 12:30:38 GMT
Server: AkamaiNetStorage
ETag: "23b34d08f648c3f51b232443afced826:1644409863.170279"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3150
Expires: Wed, 02 Mar 2022 14:48:50 GMT

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1409910/ 55 KB
17 KB 154ms
8ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1409910/tfa.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e9b758431f77e96386bdbf11eccffe246c4bb4f3dc9dfc0e8810796c85a0cad8

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: 5h9735lCVZXTBQexpC0hUW.B1SdqUb0u
content-encoding: gzip
etag: "f5685ba09f5e48bb68db75e3b8262ac3"
age: 74
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 17356
x-amz-id-2: FV7kgyxZovK5xB0KMG988qYPVe7zHfzaTqwT8fFj3NhI1WzKabB3cCbQvlW8hcPc0QiZZUyL3Xw=
x-served-by: cache-lga21950-LGA
last-modified: Sun, 27 Feb 2022 11:02:06 GMT
server: AmazonS3
x-timer: S1646231331.697218,VS0,VE1
date: Wed, 02 Mar 2022 14:28:50 GMT
vary: Accept-Encoding
x-amz-request-id: BSXB86R8EZ9Z2W7B
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 48
x-cache-hits: 1

GET
H2 200 scevent.min.js Show response
sc-static.net/ 16 KB
7 KB 177ms
22ms Script
application/javascript 54.230.240.249
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.240.249 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-240-249.ewr53.r.cloudfront.net
Software: CloudFront /
Resource Hash: c504bddd6b03414e0b675fcd6e8b9cb8c98cc76a194f1a853841c45cb0907c7e

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: gzip
server: CloudFront
x-amz-cf-pop: EWR53-P1
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 6259
via: 1.1 79455aeea26d3c071fd96c3c1432669a.cloudfront.net (CloudFront)
x-amz-cf-id: NvugaPgbu5EiYmowfWNSuqC8OnuWsA_FlJQP-s9lUGHhgUz2r79MDg==

GET
H2 200 a-00r9.min.js Show response
b-code.liadm.com/ 26 KB
10 KB 157ms
2ms Script
application/javascript 2600:9000:2209:9400:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-00r9.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:9400:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: ZIO-Http /
Resource Hash: ee84a0d38cfdfb3e608a67a0f666837c7822d7a60fcf553414d9ac9a8f900e82

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 22:08:09 GMT
via: 1.1 1baed9857df8e3a07a6cd7cd51feb3f8.cloudfront.net (CloudFront)
server: ZIO-Http
age: 58841
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=86400
x-amz-cf-pop: EWR53-P1
content-encoding: gzip
x-amz-cf-id: FU_Fk6hJZUFoXxU9lA4-G_bn8CgbQtHsYsmlMPehE7NQRoyz49hCew==

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 15 KB
6 KB 155ms
4ms Script
application/javascript 2001:4998:14:800::1000
YAHOO

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4998:14:800::1000 , United States, ASN14777 (YAHOO, US),

Reverse DNS

Software

ATS /

Resource Hash

10354e9bc6b485028971a1f58fccff5c89d722db324d42bc07963aab24ebb956

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Wed, 02 Mar 2022 14:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1390
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 5748
x-amz-id-2: iZI6VvB5/lZn+kSwvm6ihRR3JCbjESfymJyH6nbA6ZgwyTh61SCsjK9zaty8OtLaWKiBE08h2Os=
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Wed, 22 Feb 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Mon, 17 Jan 2022 12:00:39 GMT
server: ATS
etag: "13a189bb8f25228852b3279db3659c28-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 6N51A2006SZ3S7EG
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
x-amz-version-id: pAIvW1wzOXi43b8v53GVflu.j8ZqoXS3
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 148ms
3ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26236
x-xss-protection: 0
pragma: public
x-fb-debug: CgUc7sfjY8ci6EY5AyDUzcSLDxGEbc7zoGg/bPbU/Zu2X20EdeXTnGXs+6qZo/91qFJpIx2aYQLQE7LY++jHdg==
x-fb-trip-id: 1512268381
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 02 Mar 2022 14:28:50 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK pixie.js Show response
acdn.adnxs.com/dmp/up/ 9 KB
4 KB 152ms
2ms Script
application/javascript 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/up/pixie.js
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f033d6a9b4acc24957ac5ca92d278b9aca16ec1b264658ae3267b1efa6ef4a5e

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 14:28:50 GMT
Content-Encoding: gzip
Age: 31083
X-Cache: HIT
Connection: keep-alive
Content-Length: 3340
X-Served-By: cache-lga21977-LGA
Access-Control-Allow-Origin: *
Last-Modified: Wed, 02 Jun 2021 15:04:00 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Timer: S1646231331.702948,VS0,VE0
ETag: W/"60b79de0-23b3"
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 varnish
Expires: Fri, 01 Oct 2021 05:45:37 GMT
Cache-Control: max-age=86402
Accept-Ranges: bytes
X-Cache-Hits: 2690

GET
H/1.1 200
OK main.js Show response
rtxpx-a.akamaihd.net/ 91 KB
31 KB 261ms
12ms Script
application/javascript 2600:141b:13::17d7:82b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://rtxpx-a.akamaihd.net/main.js
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2600:141b:13::17d7:82b8 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1cd6e55f30592f2d07f9d038d85872e5d4fe5b079c86cadf29a3776694593d7b

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 14:28:50 GMT
Content-Encoding: gzip
x-amz-request-id: D7F288384DD2413B
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 30922
x-amz-id-2: efxhD5lxtdA+bj0wH4T6QZ66krnFumsZtQJ3kss04lMOYqJBa5h8HlBN65JkkMfDE+n9k29Rc/c=
Pragma: no-cache
Last-Modified: Thu, 28 Jan 2021 21:02:34 GMT
Server: AmazonS3
ETag: "0e00eda4d7973d0a511ce8aae95bef1c"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=0, no-cache, no-store
Accept-Ranges: bytes
Expires: Wed, 02 Mar 2022 14:28:50 GMT

GET
H/1.1 200
OK load.js Show response
s.ntv.io/serve/ 392 KB
115 KB 51ms
13ms Script
application/x-javascript 23.54.69.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/serve/load.js
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.54.69.53 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-54-69-53.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 36a588822bfb9e3d351da79c492ed62f9d98275d59f611a50b0f37ae11731a34

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 14:28:50 GMT
Content-Encoding: gzip
x-amz-request-id: 1AYT9ZW79E8HX0SP
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: dUkcc1fW3twue0v6TTeuOCezCW5t6vRZDpvWQpAtAPFcu3awsLq82g8wnHbz5GXw0g7S1QR6djU=
Last-Modified: Thu, 10 Feb 2022 22:27:22 GMT
Server: AmazonS3
ETag: "93a3fdf08b1a28e64ac925822f0cc789"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 rt.gif
jadserve.postrelease.com/ 43 B
540 B 50ms
9ms Image
image/gif 3.92.67.221
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/rt.gif?ntv_tg=16bfbe43c9c5407f9a7961f266beb03b&ord=[cache_buster]
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.92.67.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-67-221.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:50 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
441 B 162ms
30ms XHR
text/plain 2607:f8b0:4023:1404::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-23419263-1&cid=295355616.1646231330&jid=1743861906&gjid=1392678782&_gid=566896298.1646231330&_u=IEBAAEAAAAAAAC~&z=1877026485

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4023:1404::9b Columbus, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 02 Mar 2022 14:28:50 GMT
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 6D16 932 B
1 KB 23ms
2ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-67740208de0918bdf73920776d3deaed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw=' 'report-sample'; style-src https://m.stripe.network 'report-sample'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://js.stripe.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: max-age=300, public
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw=' 'report-sample'; style-src https://m.stripe.network 'report-sample'; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: Fastly
content-encoding: gzip
accept-ranges: bytes
date: Wed, 02 Mar 2022 14:28:50 GMT
via: 1.1 varnish
age: 26
x-request-id: 876e6696-d790-488b-81ba-819e1da51422
x-served-by: cache-lga21970-LGA
x-cache: HIT
x-cache-hits: 35
x-timer: S1646231331.706443,VS0,VE0
vary: Accept-Encoding, Origin
content-length: 528

GET
H/1.1 200
OK pixie
ib.adnxs.com/ 42 B
335 B 10ms
2ms Image
image/gif 68.67.179.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/pixie?e=PageView&pi=26e1b8dd-a273-4727-b1c1-de9229a26953&it=1646231330706&v=0.0.20&u=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&st=1646231330706&et=1646231330707&if=0
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 68.67.179.123 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 562.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software: nginx/1.17.9 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 14:28:50 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx/1.17.9
Connection: keep-alive
X-Proxy-Origin: 5.181.234.133; 5.181.234.133; 562.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
Content-Length: 42
Content-Type: image/gif

GET
H2 200 json Show response
trc.taboola.com/1409910/trc/3/ 2 KB
2 KB 20ms
11ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1409910/trc/3/json?tim=1646231330719&data=%7B%22id%22%3A399%2C%22ii%22%3A%22%2Fnrsc%2Fbiden-harris-approval-sa-db%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1646231330709%2C%22cv%22%3A%2220220224-6-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220226_na_bidenharrisapprovalsa-v8__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dnrsc-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1646231330718%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna%22%2C%22tos%22%3A4%2C%22ssd%22%3A1%2C%22scd%22%3A60%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1409910/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 1561a1a6d5a3c537e6a9035a36eda97fe409a896bc922466418edb2ff9d82f81

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: gzip
server: nginx
x-timer: S1646231331.731517,VS0,VE9
x-served-by: cache-lga21950-LGA
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H3 200 726955087976350 Show response
connect.facebook.net/signals/config/ 308 KB
87 KB 14ms
8ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/726955087976350?v=2.9.52&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9fdb976a51f79d80e66ee7591a524fd8541dbf666b1d93b02289ad9f219478bd

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 89545
x-xss-protection: 0
pragma: public
x-fb-debug: PdTBOTeIyH0x74TdVhXU408eK+e41RY5Sh6zUDbEKJdIyyxgCVoSugWtqywhkGgxguW+5jq+zo2gedIfiWEUTg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 02 Mar 2022 14:28:50 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 csp-report
q.stripe.com/ Frame 6D16 0
130 B 78ms
78ms Other
text/plain 54.186.23.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-186-23-98.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://m.stripe.network/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
x-envoy-upstream-service-time: 1
server: nginx
content-length: 0
strict-transport-security: max-age=31556926; includeSubDomains; preload

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 48ms
30ms Image
image/gif 2607:f8b0:4006:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-23419263-1&cid=295355616.1646231330&jid=1743861906&_u=IEBAAEAAAAAAAC~&z=498354242

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 46ms
29ms Image
image/gif 2607:f8b0:4006:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-73658561-7&cid=295355616.1646231330&jid=2089135714&_u=aGDAiEABBAAAAG~&z=15932424

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
239 B 50ms
8ms Script
application/javascript 64.202.112.223
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://tr.outbrain.com/cachedClickId?marketerId=00a57e16539986d0eda5fcb3cdf025defc
Requested by: Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.223 Leesburg, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: gzip
X-TraceId: b271d3c94b6f024d4c627644e16e9b19
Content-Length: 56
Content-Type: application/javascript

GET
H/1.1 200
OK unifiedPixel
tr.outbrain.com/ 43 B
256 B 47ms
4ms Image
image/gif 64.202.112.223
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.outbrain.com/unifiedPixel?marketerId=00a57e16539986d0eda5fcb3cdf025defc&obApiVersion=1.0-gtm&obtpVersion=1.6.0&name=PAGE_VIEW&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&optOut=false&bust=05432619191543797
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.223 Leesburg, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 14:28:50 GMT
Cache-Control: no-cache
X-TraceId: 143a4aa1ad9bbf359beb01ce7121941a
content-encoding: gzip
Content-Length: 60
Content-Type: image/gif;

GET
H2 200 10099393.json Show response
s.yimg.com/wi/config/ 2 B
448 B 27ms
10ms XHR
application/json 2001:4998:14:800::1000
YAHOO

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10099393.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4998:14:800::1000 , United States, ASN14777 (YAHOO, US),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:20 GMT
x-content-type-options: nosniff
age: 30
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: 2M0GTKMK585MRV8B
x-amz-id-2: ep/XbbkRWCu4BSSdxkKrvHpd1LRRazS+pbbozgMB0jCPtPqlvVjCMih7aXOzSj5J3o9j0iTYzoY=
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
content-length: 2

GET
H2 200 out-4.5.41.js Show response
m.stripe.network/ Frame 6D16 85 KB
16 KB 2ms
2ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.41.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 5
x-cache: HIT
content-length: 15786
x-request-id: 765c6814-97b7-4d7f-ba3e-7259c5f97a30
x-served-by: cache-lga21970-LGA
server: Fastly
x-timer: S1646231331.780371,VS0,VE0
date: Wed, 02 Mar 2022 14:28:50 GMT
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 5

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ 2 KB
1 KB 4ms
3ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1409910/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: iYtYacMlAb7PnD4NbVgysKvLj2fov4iK
content-encoding: gzip
etag: "3aa74dbf5cd656dbb65deda2d238ddbd"
age: 827
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 911
x-amz-id-2: DxhHalyyoAj9wZgdL+sGv4UqKE4G1XDj0mW9YV0th4wEyjE710JdfNCcUUO9GcZzblVZ3GViK44=
x-served-by: cache-lga21950-LGA
last-modified: Wed, 14 Jul 2021 05:06:01 GMT
server: AmazonS3
x-timer: S1646231331.799811,VS0,VE0
date: Wed, 02 Mar 2022 14:28:50 GMT
vary: Accept-Encoding
x-amz-request-id: 590KQ3P07W4QKX9M
via: 1.1 varnish
cache-control: private, max-age=3600
accept-ranges: bytes
content-type: application/javascript
abp: 39
x-cache-hits: 2356

GET
H2 200 eid.js Show response
cdn.taboola.com/scripts/ 14 KB
5 KB 4ms
3ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/eid.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1409910/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 82f3e86bf88366e93c62eb14a8a7aa06afb75aa135c27988f3ccb946875d2f33

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: Rgk6TX83.a2Xbi9.mRUycMEPnxVzEJhe
content-encoding: gzip
etag: "f7917ed1eb799a729725a7db50d1f828"
age: 3275
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5258
x-amz-id-2: qqO3I4yeyN3ULGdSlITauR1Dq8+97FlFRCMvtgqU0G1RhLJYiUDULoqnELy4iMh3PmhD5EVrPkU=
x-served-by: cache-lga21950-LGA
last-modified: Tue, 28 Dec 2021 08:10:40 GMT
server: AmazonS3
x-timer: S1646231331.800404,VS0,VE0
date: Wed, 02 Mar 2022 14:28:50 GMT
vary: Accept-Encoding
x-amz-request-id: 7Z3ETSK1Z8NK1P2V
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 39
x-cache-hits: 6964

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
456 B 112ms
34ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o09rg&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=7e7efa75-3a9b-4aae-9d77-9067f5086fd3&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time: 6
date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: gzip
server: tsa_b
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 0ea00a60d434faeb58c1a7e854bd4203007d2e9ced3ce0450f5c422630206cb6
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
336 B 101ms
34ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o09rg&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=7e7efa75-3a9b-4aae-9d77-9067f5086fd3&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time: 6
date: Wed, 02 Mar 2022 14:28:50 GMT
server: tsa_b
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: fc00ad0f1dc073070e418b8baf34f4b0f97c222247d667dc17ac8d898db1fd18
content-length: 43

GET
H2 200 is_enabled Show response
tr.snapchat.com/collector/ 46 B
313 B 46ms
32ms Fetch
application/json 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/collector/is_enabled?pids=db23cbdb-20db-44d4-b6a5-07bc2f403227

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.19.6 /

Resource Hash

b59860ba7f4430aad856fe57aa9550316deb2bdbc8ead7780bc97f3eb5bba92b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
via: 1.1 google
server: nginx/1.19.6
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46

GET
H2 204 5576699.js Show response
bat.bing.com/p/action/ 0
94 B 207ms
207ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/5576699.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 02 Mar 2022 14:28:50 GMT
cache-control: private,max-age=1800
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B338355E8C1A4F49841C189C6F832EC4 Ref B: EWR30EDGE0108 Ref C: 2022-03-02T14:28:50Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
151 B 24ms
24ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5576699&tm=gtm002&Ver=2&mid=84bcb9c8-e8a3-4e5e-a83c-e639c0824868&sid=146d42509a3511eca75ae9e2a56dd2d3&vid=146d67609a3511ec9ef119ca7a2e8dfd&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=BIDEN%20HARRIS%20APPROVAL%20POLL&p=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&r=&lt=638&evt=pageLoad&msclkid=N&sv=1&rn=927716
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3058AB018A34416CBA67E1DA659738D4 Ref B: EWR30EDGE0108 Ref C: 2022-03-02T14:28:50Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
406 B 11ms
3ms Image
image/gif 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=726955087976350&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&rl=&if=false&ts=1646231330868&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&par[0]=%7B%22extractorID%22%3A%22432355648185493%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22USD%22%7D%7D%7D&par[1]=%7B%22extractorID%22%3A%222915042018814936%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22USD%22%7D%7D%7D&par[2]=%7B%22extractorID%22%3A%22285609139649075%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[3]=%7B%22extractorID%22%3A%223536133729846044%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&fbp=fb.1.1646231330867.662491689&it=1646231330730&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Wed, 02 Mar 2022 14:28:50 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
714 B 57ms
18ms Image
image/gif 76.13.32.146
YAHOO-BF1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2002%20Mar%202022%2014%3A28%3A50%20GMT&n=0&b=BIDEN%20HARRIS%20APPROVAL%20POLL&.yp=10099393&f=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&enc=UTF-8&yv=1.12.0&tagmgr=gtm

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.13.32.146 Lockport, United States, ASN26101 (YAHOO-BF1, US),

Reverse DNS

spdc.pbp.vip.bf1.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:50 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Wed, 02 Mar 2022 14:28:50 GMT

GET
H3 200 i Show response
tr.snapchat.com/cm/ Frame A598 672 B
688 B 44ms
39ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=db23cbdb-20db-44d4-b6a5-07bc2f403227

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.19.6 /

Resource Hash

6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/

Response headers

server: nginx/1.19.6
date: Wed, 02 Mar 2022 14:28:50 GMT
content-type: text/html
content-length: 672
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 p
tr.snapchat.com/ 68 B
86 B 65ms
64ms Image
image/png 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.snapchat.com/p?trackId=6ff036a3-ce6b-406a-ab75-d8c03ce3cfdb&pid=db23cbdb-20db-44d4-b6a5-07bc2f403227&ev=PAGE_VIEW&pl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&ts=1646231330879&rf=&v=1.6.0&if=false&bt=__LIVE__&intg=gtm&m_sl=1212&m_rd=1307&m_pi=598&m_ic=0&u_c1=01f11b97-b653-4173-9861-a34abc84adf8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.19.6 /

Resource Hash

2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:50 GMT
via: 1.1 google
server: nginx/1.19.6
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-transform
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68

GET
H2 200 t Show response
jadserve.postrelease.com/ 115 B
735 B 10ms
10ms Script
text/javascript 3.92.67.221
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&ntv_mvi
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.92.67.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-67-221.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 3055597f43adef2648996efac659bd63f616b0d1937f6e774ae3ac8fe35fb195

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:50 GMT
content-encoding: gzip
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/javascript;charset=UTF-8
content-length: 122
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2

200

j Show response
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1646231330992&aid=a-00r9&se=e30&duid=5fe568a6c8fd--01fx5gh7ymgwv4nyhe9q2eyvc7&tna=v2.3.0&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_...
https://rp4.liadm.com/j?dtstmp=1646231330992&aid=a-00r9&se=e30&duid=5fe568a6c8fd--01fx5gh7ymgwv4nyhe9q2eyvc7&tna=v2.3.0&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm...

13 B
553 B

56ms
11ms

XHR
application/json

3.224.47.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rp4.liadm.com/j?dtstmp=1646231330992&aid=a-00r9&se=e30&duid=5fe568a6c8fd--01fx5gh7ymgwv4nyhe9q2eyvc7&tna=v2.3.0&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&wpn=lc-bundle&c=PHRpdGxlPkJJREVOIEhBUlJJUyBBUFBST1ZBTCBQT0xMPC90aXRsZT48bWV0YSBjb250ZW50PSI8cCBzdHlsZT0mcXVvdDt0ZXh0LWFsaWduOiBjZW50ZXI7JnF1b3Q7PjxzcGFuIHN0eWxlPSZxdW90O2JhY2tncm91bmQtY29sb3I6ICNmMWM0MGY7JnF1b3Q7PjxzdHJvbmc-PHNwYW4gc3R5bGU9JnF1b3Q7Zm9udC1zaXplOiAyNHB0OyBmb250LWZhbWlseTogdGFob21hLCBhcmlhbCwgaGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZjFjNDBmOyZxdW90Oz5UQUtFIFRIRSBQT0xMPC9zcGFuPjwvc3Ryb25nPjwvc3Bhbj48L3A-CjxwIHN0eWxlPSZxdW90O3RleHQtYWxpZ246IGNlbnRlcjsmcXVvdDs-PHN0cm9uZz48c3BhbiBzdHlsZT0mcXVvdDtmb250LXNpemU6IDI0cHQ7IGZvbnQtZmFtaWx5OiB0YWhvbWEsIGFyaWFsLCBoZWx2ZXRpY2EsIHNhbnMtc2VyaWY7JnF1b3Q7PkRvIHlvdSBzdXBwb3J0IEpvZSBCaWRlbiBhbmQgS2FtYWxhIEhhcnJpcz88L3NwYW4-PC9zdHJvbmc-PC9wPiIgbmFtZT0iZGVzY3JpcHRpb24iPg&i6=MmEwZDo1NjAwOjI0OjE1MDA6MTAxMjpiYTJkOmQxZTQ6YWUxMg%3D%3D&n3pc=true

Requested by

Protocol

Server

3.224.47.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-224-47-34.compute-1.amazonaws.com

Software

Resource Hash

efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:28:51 GMT
x-pixel-event-id: 9d0bbe3d-ea11-4c9f-86af-a185ac10f31b
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: null
x-xss-protection: 1; mode=block
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 2a3a860450ddf335
request-time: 0
content-length: 13
x-content-type-options: nosniff

Redirect headers

date: Wed, 02 Mar 2022 14:28:51 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
location: https://rp4.liadm.com/j?dtstmp=1646231330992&aid=a-00r9&se=e30&duid=5fe568a6c8fd--01fx5gh7ymgwv4nyhe9q2eyvc7&tna=v2.3.0&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&wpn=lc-bundle&c=PHRpdGxlPkJJREVOIEhBUlJJUyBBUFBST1ZBTCBQT0xMPC90aXRsZT48bWV0YSBjb250ZW50PSI8cCBzdHlsZT0mcXVvdDt0ZXh0LWFsaWduOiBjZW50ZXI7JnF1b3Q7PjxzcGFuIHN0eWxlPSZxdW90O2JhY2tncm91bmQtY29sb3I6ICNmMWM0MGY7JnF1b3Q7PjxzdHJvbmc-PHNwYW4gc3R5bGU9JnF1b3Q7Zm9udC1zaXplOiAyNHB0OyBmb250LWZhbWlseTogdGFob21hLCBhcmlhbCwgaGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBiYWNrZ3JvdW5kLWNvbG9yOiAjZjFjNDBmOyZxdW90Oz5UQUtFIFRIRSBQT0xMPC9zcGFuPjwvc3Ryb25nPjwvc3Bhbj48L3A-CjxwIHN0eWxlPSZxdW90O3RleHQtYWxpZ246IGNlbnRlcjsmcXVvdDs-PHN0cm9uZz48c3BhbiBzdHlsZT0mcXVvdDtmb250LXNpemU6IDI0cHQ7IGZvbnQtZmFtaWx5OiB0YWhvbWEsIGFyaWFsLCBoZWx2ZXRpY2EsIHNhbnMtc2VyaWY7JnF1b3Q7PkRvIHlvdSBzdXBwb3J0IEpvZSBCaWRlbiBhbmQgS2FtYWxhIEhhcnJpcz88L3NwYW4-PC9zdHJvbmc-PC9wPiIgbmFtZT0iZGVzY3JpcHRpb24iPg&i6=MmEwZDo1NjAwOjI0OjE1MDA6MTAxMjpiYTJkOmQxZTQ6YWUxMg%3D%3D&n3pc=true
x-frame-options: DENY
access-control-allow-origin: https://secure.winred.com
x-xss-protection: 1; mode=block
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 6d56b9456c961a99
request-time: 1
content-length: 0
x-content-type-options: nosniff

POST
H2 200 6 Show response
m.stripe.com/ Frame 6D16 156 B
523 B 247ms
79ms XHR
application/json 52.41.18.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.41.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.41.18.135 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-41-18-135.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

2eeecf97398c7b3bba0a4477a965073509eb981bfc215d3e72288a0fe63190b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 02 Mar 2022 14:28:51 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/json;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/863113746/ 2 KB
2 KB 176ms
34ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863113746/?random=1646231331029&cv=9&fst=1646231331029&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg2s0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&tiba=BIDEN%20HARRIS%20APPROVAL%20POLL&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

17715cd3f71827a3e4a82c0acbcad5c4de1304545d5faf595a0b2af595eeb6d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1105
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/855967303/ 2 KB
1 KB 159ms
21ms Script
text/javascript 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/855967303/?random=1646231331032&cv=9&fst=1646231331032&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg2s0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&tiba=BIDEN%20HARRIS%20APPROVAL%20POLL&auid=1278583122.1646231330&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

668781a6c720db99fd58871e0e33ea4172a83317a0d02801a9d63472a885a1e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1323
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

id Show response
stickyid-a.akamaihd.net/
Redirect Chain

https://stickyid-a.akamaihd.net/id?o=https%3A%2F%2Fsecure.winred.com
https://stickyid-a.akamaihd.net/id?cc=1&o=https%3A%2F%2Fsecure.winred.com

90 B
532 B

76ms
30ms

XHR
application/json

2600:141b:13::17d7:82b3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://stickyid-a.akamaihd.net/id?cc=1&o=https%3A%2F%2Fsecure.winred.com
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
Protocol: H3-Q050
Server: 2600:141b:13::17d7:82b3 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 53c83a2f51df5a978486a19bc7b1030eff3a2cfddf650824dd6b9c770e200187

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:51 GMT
server: AkamaiNetStorage
etag: "d2715d34e10e5a9f3692d96bd0fbb282:1592835897"
quic-version: Q050
p3p: CP="We do not have a P3P policy."
access-control-allow-origin: https://secure.winred.com
cache-control: max-age=0, no-cache, no-store, private
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 90
expires: Wed, 02 Mar 2022 14:28:51 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 14:28:51 GMT
Server: AkamaiNetStorage
ETag: "d2715d34e10e5a9f3692d96bd0fbb282:1592835897"
Location: /id?cc=1&o=https%3A%2F%2Fsecure.winred.com
P3P: CP="We do not have a P3P policy."
Access-Control-Allow-Origin: https://secure.winred.com
Cache-Control: max-age=0, no-cache, no-store, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 154
Expires: Wed, 02 Mar 2022 14:28:51 GMT

GET
H2 200 scevent.min.js Show response
sc-static.net/ Frame A598 16 KB
6 KB 6ms
4ms Script
application/javascript 54.230.240.249
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: tr.snapchat.com
URL: https://tr.snapchat.com/cm/i?pid=db23cbdb-20db-44d4-b6a5-07bc2f403227
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.240.249 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-240-249.ewr53.r.cloudfront.net
Software: CloudFront /
Resource Hash: c504bddd6b03414e0b675fcd6e8b9cb8c98cc76a194f1a853841c45cb0907c7e

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://tr.snapchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:50:13 GMT
content-encoding: gzip
server: CloudFront
age: 45518
etag: 0d6e407936704bd380072f5891d28b0e
x-cache: Hit from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=86400, max-age=600
x-amz-cf-pop: EWR53-P1
access-control-allow-headers: Content-Type
content-length: 6259
via: 1.1 79455aeea26d3c071fd96c3c1432669a.cloudfront.net (CloudFront)
x-amz-cf-id: eePrmsPyJ5aEppaKqIWaMQdfTLmvr_2_z22bZEdxqYdTWTWgK85Iqw==

GET
H3

200

/
www.google.com/pagead/1p-conversion/855967303/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/855967303/?random=658602457&cv=9&fst=1646231331032&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&...
https://www.google.com/pagead/1p-conversion/855967303/?random=658602457&cv=9&fst=1646231331032&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_a...

42 B
64 B

33ms
32ms

Image
image/gif

2607:f8b0:4006:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/855967303/?random=658602457&cv=9&fst=1646231331032&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg2s0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&tiba=BIDEN%20HARRIS%20APPROVAL%20POLL&auid=1278583122.1646231330&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=I38fYoaTC4K4yQOT1LTQBg&eitems=ChEIgMj8kAYQkY3kspnwzZXRARIdACLcoC-o7XbNfpgzPY3vW6mmOn7IRpPGSHCY3-o&random=833475785&resp=GooglemKTybQhCsO

Requested by

Protocol

Server

2607:f8b0:4006:808::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:51 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
location: https://www.google.com/pagead/1p-conversion/855967303/?random=658602457&cv=9&fst=1646231331032&num=1&value=0&label=_VeJCOrpwfcBEMeMlJgD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg2s0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&tiba=BIDEN%20HARRIS%20APPROVAL%20POLL&auid=1278583122.1646231330&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=I38fYoaTC4K4yQOT1LTQBg&eitems=ChEIgMj8kAYQkY3kspnwzZXRARIdACLcoC-o7XbNfpgzPY3vW6mmOn7IRpPGSHCY3-o&random=833475785&resp=GooglemKTybQhCsO
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

p Show response
tr.snapchat.com/cm/ Frame DEEE
Redirect Chain

https://tr.snapchat.com/cm/s?bt=__LIVE__&pnid=140&cb=1646231331204
https://pixel.tapad.com/idsync/ex/push?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1646229434350%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2884&partner_url=https%3A%2F%2Ftr.snapchat.com%2Fcm%2Fp%3Frand%3D1646229434350%26pnid%3D140%26pcid%3D%24%7BTA_DEVICE_ID%7D
https://tr.snapchat.com/cm/p?rand=1646229434350&pnid=140&pcid=62264dd9-dd8c-49df-9060-9027a77e1df3

0
15 B

43ms
43ms

Document
text/html

35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/p?rand=1646229434350&pnid=140&pcid=62264dd9-dd8c-49df-9060-9027a77e1df3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.19.6 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://tr.snapchat.com/

Response headers

server: nginx/1.19.6
date: Wed, 02 Mar 2022 14:28:51 GMT
content-type: text/html
content-length: 0
access-control-allow-origin: *
cache-control: no-cache, no-transform
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

date: Wed, 02 Mar 2022 14:28:51 GMT
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://tr.snapchat.com/cm/p?rand=1646229434350&pnid=140&pcid=62264dd9-dd8c-49df-9060-9027a77e1df3
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H3 200 /
www.google.com/pagead/1p-user-list/863113746/ 42 B
64 B 41ms
28ms Image
image/gif 2607:f8b0:4006:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/863113746/?random=1646231331029&cv=9&fst=1646229600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg2s0&sendb=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna&tiba=BIDEN%20HARRIS%20APPROVAL%20POLL&async=1&fmt=3&is_vtc=1&random=2629036816&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 14:28:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 /
rtclx.com/s/ 0
663 B 168ms
10ms Ping
text/plain 54.235.30.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtclx.com/s/?p=7493
Requested by: Host: rtxpx-a.akamaihd.net
URL: https://rtxpx-a.akamaihd.net/main.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.235.30.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-235-30-242.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://secure.winred.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://secure.winred.com
access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,X-Forwarded-For,X-Forwarded-Proto,If-Modified-Since,referer,Cache-Control,Content-Type,Range,Pragma,Accept,Accept-Encoding,Accept-Language
access-control-allow-methods: GET, POST, OPTIONS
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame BCD8 0
18 B 7ms
3ms Document
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://secure.winred.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://secure.winred.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=0
date: Wed, 02 Mar 2022 14:28:51 GMT

GET
H2 204 unip Show response
trc-events.taboola.com/1409910/log/3/ 0
380 B 36ms
2ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1409910/log/3/unip?en=pre_d_eng_tb&tos=1580&scd=60&ssd=1&est=1646231330713&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1646231332295&vi=1646231330709&ri=fb19a0405d0c5db5052f2da1f752e9ed&sd=v2_159781924b28dc5c90722a781baae536_f99673a0-a2b5-4e63-82fd-73b29670a6f8-tuct91904a2_1646231330_1646231330_CNawjgYQ9oZWGJW_otj0LyABKAEw4QE4kaQOQJ_uDkj2y9kDUJ8EWABgAGjb_5X0ga2ul6YBcAE&ui=f99673a0-a2b5-4e63-82fd-73b29670a6f8-tuct91904a2&ref=null&cv=20220224-6-RELEASE&item-url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1409910/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://secure.winred.com
pragma: no-cache
date: Wed, 02 Mar 2022 14:28:52 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H3 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/48/2/ 79 KB
29 KB 15ms
4ms Script
text/javascript 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/48/2/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2af1a34c4164270221fc515efafc4b385e7d0e0445c041d986a456f35abd238a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 01:17:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47500
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29479
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 22:53:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Mar 2023 01:17:15 GMT

GET
H3 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/48/2/ 294 KB
90 KB 16ms
6ms Script
text/javascript 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/48/2/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDGBR6MmEzkdkem9Ci2VrraiYLneizw9Rg&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fce4f3c6bfa147997143a52da64c2e1421b8870996c79c84986a712493a5b250

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 14:10:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1103
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92005
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 22:53:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Mar 2023 14:10:32 GMT

GET
H2 204 unip Show response
trc-events.taboola.com/1409910/log/3/ 0
379 B 2ms
2ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1409910/log/3/unip?en=pre_d_eng_tb&tos=4582&scd=60&ssd=1&est=1646231330713&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1646231335296&vi=1646231330709&ri=fb19a0405d0c5db5052f2da1f752e9ed&sd=v2_159781924b28dc5c90722a781baae536_f99673a0-a2b5-4e63-82fd-73b29670a6f8-tuct91904a2_1646231330_1646231330_CNawjgYQ9oZWGJW_otj0LyABKAEw4QE4kaQOQJ_uDkj2y9kDUJ8EWABgAGjb_5X0ga2ul6YBcAE&ui=f99673a0-a2b5-4e63-82fd-73b29670a6f8-tuct91904a2&ref=null&cv=20220224-6-RELEASE&item-url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2Fbiden-harris-approval-sa-db%3Futm_medium%3Dp2p%26utm_source%3Ddb_nrsc_p2p%26utm_campaign%3D20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc%26utm_content%3Dsoft%26amount%3Dna
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1409910/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://secure.winred.com
pragma: no-cache
date: Wed, 02 Mar 2022 14:28:55 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

Verdicts & Comments Add Verdict or Comment

100 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sc-static.net/scevent.min.js	1970-01-20 01:18:37	Name: X-AB Value: 0d6e407936704bd380072f5891d28b0e
app.revv.co/api/v3/users	1970-01-21 21:06:37	Name: rvid Value: 195a0cd6-c898-4e4c-b6c3-8150e76b1274
.taboola.com/nrsc-sc/	1969-12-31 23:59:59	Name: taboola_session_id Value: v2_159781924b28dc5c90722a781baae536_f99673a0-a2b5-4e63-82fd-73b29670a6f8-tuct91904a2_1646231330_1646231330_CNawjgYQ9oZWGJW_otj0LyABKAEw4QE4kaQOQJ_uDkj2y9kDUJ8EWABgAGjb_5X0ga2ul6YBcAE
secure.winred.com/nrsc	1969-12-31 23:59:59	Name: ntvSession Value: {}
.winred.com/	1969-12-31 23:59:59	Name: _revv_v3_session Value: UjR1ZWllTGtmeHI3Y3BWQXliRFJzUUozVXRtYklhREdqMUJkNHNGcFV1RmM4UGZzbVltcFlEcmc2QVh4TEJWLzJhSHh6TWNxWUthanhsUExlajZ2clhrZ0U2VEtJV3NYelM0L1NoOVlOelVZcVhtTEFmMTNMdkNUbXlaZ21JQ0xCOVdqY0NSSU03SS9jUzhEQkhJaks2N2xaVS84eFZBc05kOFVUcU1tSEQ0Zy83N1dyYm0yWUFGME1PaHVwSkR6ZXhZMnJCVWt1c0ZrNlVrcEt0V2V5a2FWTE5VOWNDRmJHWUxLdkhWNmNDcFh6L1ZaRmZJbU5kc0ZvWmpJTzhHclBYSzQ4aHU3RWF2K2VsODRhblk1VHVhSDZqODM3WVZOWTJGMlJZeWtSMmdOMjNCeWtlTk51VE8rdFdjZ3BZd1ArbWRvZkoyeVUyK1RxSEt5YVJkdVQvekFYTjFYblFwQXpuaitwaWwrUzQ2aVRQelNXbk8vNFBCVCtlNmprMWt0dHg5WS9CUFZtODR6anhoYndTZXhCV2tZaFI5STRGa1h2OTRBUUw4d2FnSTcxWlhVZVc1M2htNFBSTWJnd2J3V2dPVyt2THNZYUFZMmNVVEtNbFM3ZjZBS05oZU81T3lpQmxsTEsrSi8vbHkxaG1qSlBmdVNhUG9DZzdhWnk1djlvdkJIRUtBVG4rcW16QkJBa3JRalltNTlnWW0vSVpKZFBIakRTd3dOOHVXNzNQNVFzaHlpTTRGWTJKOXM2SVdseFVKZEtHUWhvcEttbDhpSlVXNzErUT09LS1hbWdnMC8vZEVoczdvRGpON1p0NUxnPT0%3D--a9bd0e11c88f7ada44b639f4c2a99a6c1cc683b9
secure.winred.com/	1969-12-31 23:59:59	Name: origin_url Value: https://secure.winred.com/nrsc/biden-harris-approval-sa-db?utm_medium=p2p&utm_source=db_nrsc_p2p&utm_campaign=20220301_na_bidenharrisapprovalsa-v18__nrsc_nrsc&utm_content=soft&amount=na
.winred.com/	1970-01-20 18:48:23	Name: _ga Value: GA1.2.295355616.1646231330
.winred.com/	1970-01-20 01:18:37	Name: _gid Value: GA1.2.566896298.1646231330
.winred.com/	1970-01-20 01:17:11	Name: _gat Value: 1
.revv.co/	1969-12-31 23:59:59	Name: _revv_v3_session Value: bmwwOWl4dmpEOC9RbGpjT1k5a2o1a1QrTTBDWDJGN0xJVWlrOHZZSVBmT2hLczh4b3cyVnU3N1dlYVdBZmhiQnVGUitkMGRHU3o0OUg1ZXY3Q2l2SFE9PS0tR0MyMm1OZGppUHN4M3plMitjZDE0Zz09--4b3bf346facdf7e0ef7aa13932da5b88b3ce493f
.revv.co/	1970-01-20 01:17:13	Name: __cf_bm Value: j5WK1VSpigMdV4zeYJTcgjJsoieIuXDxsku2yyyQlA4-1646231330-0-Afm3ZsrRCXrmKSeTXhC29+f0k7i/Lx3/U8Vsjf0WoCL1uwN+XtVZcwJGN+e7OzW/TiwC9I0qxYbaNud1sLyTUk6C6Y6/l8+oFnKxV3dXwPt3
.winred.com/	1970-01-20 03:26:47	Name: _gcl_au Value: 1.1.1278583122.1646231330
.secure.winred.com/	1970-01-20 01:17:13	Name: __cf_bm Value: KdcbsYvhtUVnLK0k81l462s9pky63ctMyO1CErEge5o-1646231330-0-ARL/eFAqEs0LVi79ZmgelI+Y6J/pAEd3xSPuxyQCmVUeGoRJtv1Sk8ZWcgBVrzJP7eA3KpWAh03eDXhC1r2Jh5tTZdy+8wd8tGmNV1gQMP7wlbSpjIt30cm/s8YgIzPOc/r3H5gZwriTCJpTkLCWwnkeFrLsoTSm7I26Xd5rMyZQFpRd1zcRyOnEO3YOKwCq5A==
.winred.com/	1970-01-20 01:17:11	Name: _dc_gtm_UA-73658561-7 Value: 1
secure.winred.com/	1969-12-31 23:59:59	Name: sso_tries Value: 1
secure.winred.com/	1970-01-21 21:05:11	Name: rvid Value: 195a0cd6-c898-4e4c-b6c3-8150e76b1274
.bing.com/	1970-01-20 10:38:47	Name: MUID Value: 053F1FD46DCB61521A810E8F6CE260C4
.bat.bing.com/	1970-01-20 01:27:16	Name: MR Value: 0
.taboola.com/	1970-01-20 10:02:47	Name: t_gid Value: f99673a0-a2b5-4e63-82fd-73b29670a6f8-tuct91904a2
.postrelease.com/	1970-01-20 10:02:47	Name: visitor Value: 45975af8-9359-40a2-8d10-63e7ff6be6f9
.postrelease.com/	1970-01-20 10:02:47	Name: status Value: 1
.winred.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .winred.com
.winred.com/	1970-01-20 18:48:23	Name: _lc2_fpi Value: 5fe568a6c8fd--01fx5gh7ymgwv4nyhe9q2eyvc7
.winred.com/	1970-01-20 01:18:37	Name: _uetsid Value: 146d42509a3511eca75ae9e2a56dd2d3
.winred.com/	1970-01-20 10:38:47	Name: _uetvid Value: 146d67609a3511ec9ef119ca7a2e8dfd
.winred.com/	1970-01-20 03:26:47	Name: _fbp Value: fb.1.1646231330867.662491689
.winred.com/	1970-01-20 10:46:58	Name: _scid Value: 01f11b97-b653-4173-9861-a34abc84adf8
.facebook.com/	1970-01-20 03:26:47	Name: fr Value: 0hi5s8Ffqmy3TpFs0..BiH38i...1.0.BiH38i.
.t.co/	1970-01-20 18:48:23	Name: muc_ads Value: ce0eb1fd-41af-4f8b-86be-95f8df0f1738
.twitter.com/	1970-01-20 18:48:23	Name: personalization_id Value: "v1_WqhewVdRPggABpdidjCueg=="
.yahoo.com/	1970-01-20 10:03:08	Name: A3 Value: d=AQABBCJ_H2ICEG7RAAvgWOpRNj0f99AWM_UFEgEBAQHQIGIpYgAAAAAA_eMAAA&S=AQAAAofRtFyUjuIb2M7enOZsQJc
.postrelease.com/	1970-01-20 10:02:47	Name: ver Value: 1
secure.winred.com/	1970-01-20 01:17:11	Name: outbrain_cid_fetch Value: true
.akamaihd.net/	1970-01-20 10:02:47	Name: b53eedc13__ Value: 750082df2e0f5a9005c98dd7a857023bf9a7a3fe7.1646231331
.doubleclick.net/	1970-01-20 01:17:12	Name: test_cookie Value: CheckForPermission
.liadm.com/	1970-01-20 18:48:23	Name: lidid Value: 617b8553-96be-4383-81c3-3b480d266a34
.snapchat.com/	1970-01-20 10:38:47	Name: sc_at Value: v2\|H4sIAAAAAAAAAE3GwQ3AMAgDwImQbIwgdBsaKVNk+H57r5tzYvWG+ZIsdpW9WW4sAJzuwVwGHmakixLvr/gAJ9uxxUAAAAA=
m.stripe.com/	1970-01-20 18:48:23	Name: m Value: 9e43977e-1666-42cb-a8b5-07059a08197809e26b
.secure.winred.com/	1970-01-20 10:02:47	Name: __stripe_mid Value: 18ec40ee-00cf-49fb-914b-f3cdc6dd75be531c11
.tapad.com/	1970-01-20 02:43:35	Name: TapAd_TS Value: 1646231331271
.tapad.com/	1970-01-20 02:43:35	Name: TapAd_DID Value: 62264dd9-dd8c-49df-9060-9027a77e1df3
.secure.winred.com/	1970-01-20 01:17:13	Name: __stripe_sid Value: d2885bb4-0c75-4fd1-aca8-07f256fb767df8496d
.rtclx.com/	1970-01-20 02:00:23	Name: tp_usr Value: 750082df2e0f5a9005c98dd7a857023bf9a7a3fe7
.rtclx.com/	1970-01-20 02:00:23	Name: tp_dfp Value: 14cb13ef9a3511ec9eb60242ac110003
.tapad.com/	1970-01-20 02:43:35	Name: TapAd_3WAY_SYNCS Value:
.winred.com/	1970-01-20 10:46:58	Name: _sctr Value: 1\|1646179200000

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 71) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acdn.adnxs.com
amplify.outbrain.com
analytics.twitter.com
app.revv.co
b-code.liadm.com
bat.bing.com
cdn.taboola.com
connect.facebook.net
d35ligi1n5bgzc.cloudfront.net
e.campaignsvc.com
googleads.g.doubleclick.net
ib.adnxs.com
jadserve.postrelease.com
js.stripe.com
m.stripe.com
m.stripe.network
maps.googleapis.com
pixel.tapad.com
q.stripe.com
rp.liadm.com
rp4.liadm.com
rtclx.com
rtxpx-a.akamaihd.net
s.ntv.io
s.yimg.com
sc-static.net
secure.winred.com
sp.analytics.yahoo.com
static.ads-twitter.com
stats.g.doubleclick.net
stickyid-a.akamaihd.net
t.co
tr.outbrain.com
tr.snapchat.com
trc-events.taboola.com
trc.taboola.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
104.244.42.5
104.244.42.67
107.178.246.49
141.226.224.48
142.250.65.226
146.75.36.157
151.101.192.176
151.101.193.108
151.101.65.44
2001:4998:14:800::1000
23.54.69.53
23.54.69.74
2600:141b:13::17d7:82b3
2600:141b:13::17d7:82b8
2600:1f18:730:b110:a3e:d471:8212:592f
2600:9000:2209:9400:8:8845:1500:93a1
2606:4700::6812:9b15
2606:4700::6812:9c15
2607:f8b0:4006:808::2004
2607:f8b0:4006:80f::2008
2607:f8b0:4006:820::200e
2607:f8b0:4006:821::2002
2607:f8b0:4006:824::200a
2607:f8b0:4023:1404::9b
2620:1ec:c11::200
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
3.224.47.34
3.229.142.66
3.92.67.221
35.186.226.184
52.41.18.135
52.85.61.106
52.85.61.46
54.186.23.98
54.230.240.249
54.235.30.242
64.202.112.223
68.67.179.123
76.13.32.146
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0e614e0eaf2807ddf8bd70f6cbf039338ea4eebe5277cc8956e1225f505bf6c8
10354e9bc6b485028971a1f58fccff5c89d722db324d42bc07963aab24ebb956
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1561a1a6d5a3c537e6a9035a36eda97fe409a896bc922466418edb2ff9d82f81
17715cd3f71827a3e4a82c0acbcad5c4de1304545d5faf595a0b2af595eeb6d6
1cd6e55f30592f2d07f9d038d85872e5d4fe5b079c86cadf29a3776694593d7b
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2af1a34c4164270221fc515efafc4b385e7d0e0445c041d986a456f35abd238a
2eeecf97398c7b3bba0a4477a965073509eb981bfc215d3e72288a0fe63190b5
3055597f43adef2648996efac659bd63f616b0d1937f6e774ae3ac8fe35fb195
325626e5a0d6feaed002bf86ca081e947a201b18692bae00aab06e7b23537309
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
34dbdac6d554aed34c134394c93c3f4ed39accb9ed153abe9895f6b6d1c7bbb7
36a588822bfb9e3d351da79c492ed62f9d98275d59f611a50b0f37ae11731a34
39274d16fe03d66d8a425007eeb00f2d51496db71e847a0940a1b3ae12c42fed
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44937d2b1f36d2962e30ca860e2367179210a22f56d90ea7b439d6aff0b67dce
471d2300ffb17de09dad1d15611b9884d8640e16488368c9d37ee7b528520c13
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4ff561e39e8169bb42d5431839780390b82e95c851dd1c6be195f9339eab64f8
53c83a2f51df5a978486a19bc7b1030eff3a2cfddf650824dd6b9c770e200187
5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
6501140033c3bb20da4b5ac73c90f687ba8a2053c4ba37c4b6f5275166db7fa6
668781a6c720db99fd58871e0e33ea4172a83317a0d02801a9d63472a885a1e2
73560bfbf3e06ea1dd034a3ca2aaf18c143b609b2f432f7c9dc590a894f02f42
7e8ef05a55eafab5277e6449520107db94dfb01b497a52f283e7ffa6ee49363d
7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3
82f3e86bf88366e93c62eb14a8a7aa06afb75aa135c27988f3ccb946875d2f33
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
912c15d801ad681baa7cb15aab57213bda47c690830387a380544ee606c31dbf
990a970d0b13f02acfecc901ef01c6d8fd87b05fbb7173e2a1ecb5ffbc3ef514
9fdb976a51f79d80e66ee7591a524fd8541dbf666b1d93b02289ad9f219478bd
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b59860ba7f4430aad856fe57aa9550316deb2bdbc8ead7780bc97f3eb5bba92b
c504bddd6b03414e0b675fcd6e8b9cb8c98cc76a194f1a853841c45cb0907c7e
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cae0ae2d67aac89367108586ebd25e00afc5d0f8110e6eb71b8d274037f7a5d8
dc85a91ac58ed33e8fcab2ceb0d2a871add7c29d9793f17d9150769dc2584c09
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9b758431f77e96386bdbf11eccffe246c4bb4f3dc9dfc0e8810796c85a0cad8
ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd
ee84a0d38cfdfb3e608a67a0f666837c7822d7a60fcf553414d9ac9a8f900e82
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
f033d6a9b4acc24957ac5ca92d278b9aca16ec1b264658ae3267b1efa6ef4a5e
f7cf1784962e2b6bb05ab1c53dc98797b37d2c3f99f085c0c82a5a61b01de9aa
f9a09994dd656fee35a10a641b86c3c38de9b0741e16a2151d604251c5886f93
fce4f3c6bfa147997143a52da64c2e1421b8870996c79c84986a712493a5b250

secure.winred.com Open in urlscan Pro 2606:4700::6812:9c15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

75 Requests

96 %HTTPS

40 %IPv6

31 Domains

41 Subdomains

37 IPs

1 Countries

1239 kBTransfer

3745 kBSize

46 Cookies

7 Outgoing links

Page URL History

Redirected requests

75 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

secure.winred.com Open in urlscan Pro
2606:4700::6812:9c15 Public Scan

Screenshot
Live screenshot

Full Image

75
Requests

96 %
HTTPS

40 %
IPv6

31
Domains

41
Subdomains

37
IPs

1
Countries

1239 kB
Transfer

3745 kB
Size

46
Cookies

75 HTTP transactions
0 data transactions