secure.winred.com Open in urlscan Pro
2606:4700:10::6814:543 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_ca...
Submission: On April 14 via api (April 14th 2020, 6:17:39 pm UTC) from US

Summary HTTP 54 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 24 IPs in 6 countries across 23 domains to perform 54 HTTP transactions. The main IP is 2606:4700:10::6814:543, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure.winred.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on August 14th 2019. Valid for: a year.

This is the only time secure.winred.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	2606:4700:10:... 2606:4700:10::6814:543	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	52.222.150.123 52.222.150.123	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:814::200a	15169 (GOOGLE) (GOOGLE)
1	52.222.150.101 52.222.150.101	16509 (AMAZON-02) (AMAZON-02)
2	99.84.94.3 99.84.94.3	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
2 3	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6814:443	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
2 3	2a00:1450:400... 2a00:1450:4001:820::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
1	172.217.23.130 172.217.23.130	15169 (GOOGLE) (GOOGLE)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1288:f03... 2a00:1288:f03d:1fa::2000	10310 (YAHOO-1) (YAHOO-1)
1	52.222.150.245 52.222.150.245	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:310... 2a02:26f0:3100::1735:2a6b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:818::2002	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1 1	2600:1f18:730... 2600:1f18:730:b130:5ea9:abf8:d77b:4d4	14618 (AMAZON-AES) (AMAZON-AES)
1	52.72.5.232 52.72.5.232	14618 (AMAZON-AES) (AMAZON-AES)
2	35.186.226.184 35.186.226.184	15169 (GOOGLE) (GOOGLE)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
54	24

6 2606:4700:10::6814:543 (United States)

ASN13335 (CLOUDFLARENET, US)

secure.winred.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.222.150.123 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-150-123.fra53.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:814::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.150.101 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-150-101.fra53.r.cloudfront.net

js.honeybadger.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.84.94.3 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-94-3.muc50.r.cloudfront.net

d35ligi1n5bgzc.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::200e (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:443 (United States)

ASN13335 (CLOUDFLARENET, US)

app.revv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:820::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s18-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1288:f03d:1fa::2000 (United Kingdom)

ASN10310 (YAHOO-1, US)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.150.245 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-150-245.fra53.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:2a6b (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:730:b130:5ea9:abf8:d77b:4d4 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.72.5.232 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-5-232.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.226.184 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 184.226.186.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	stripe.com js.stripe.com	42 KB
6	googleapis.com maps.googleapis.com	193 KB
6	winred.com secure.winred.com	199 KB
4	facebook.com www.facebook.com	393 B
3	liadm.com 1 redirects b-code.liadm.com rp.liadm.com rp4.liadm.com	12 KB
3	yimg.com s.yimg.com	5 KB
3	facebook.net connect.facebook.net	255 KB
3	google.de www.google.de	328 B
3	google.com 2 redirects www.google.com	483 B
3	doubleclick.net 2 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	2 KB
3	google-analytics.com 2 redirects www.google-analytics.com	18 KB
2	snapchat.com tr.snapchat.com
2	bing.com bat.bing.com	8 KB
2	gstatic.com maps.gstatic.com	5 KB
2	googletagmanager.com www.googletagmanager.com	63 KB
2	cloudfront.net d35ligi1n5bgzc.cloudfront.net	645 KB
1	twitter.com analytics.twitter.com	389 B
1	t.co t.co	449 B
1	sc-static.net sc-static.net	6 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googleadservices.com www.googleadservices.com	10 KB
1	revv.co app.revv.co	1 KB
1	honeybadger.io js.honeybadger.io	6 KB
54	23

	Domain	Requested by
7	js.stripe.com	secure.winred.com js.stripe.com
6	maps.googleapis.com	secure.winred.com maps.googleapis.com
6	secure.winred.com	secure.winred.com
4	www.facebook.com	secure.winred.com connect.facebook.net
3	s.yimg.com	secure.winred.com js.honeybadger.io
3	connect.facebook.net	secure.winred.com connect.facebook.net
3	www.google.de	secure.winred.com
3	www.google.com	2 redirects secure.winred.com
3	www.google-analytics.com	2 redirects secure.winred.com
2	tr.snapchat.com	www.googletagmanager.com
2	bat.bing.com	www.googletagmanager.com secure.winred.com
2	maps.gstatic.com	secure.winred.com
2	stats.g.doubleclick.net	2 redirects
2	www.googletagmanager.com	secure.winred.com
2	d35ligi1n5bgzc.cloudfront.net	secure.winred.com
1	analytics.twitter.com	static.ads-twitter.com
1	rp4.liadm.com	secure.winred.com
1	rp.liadm.com	1 redirects
1	t.co	secure.winred.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	b-code.liadm.com	www.googletagmanager.com
1	sc-static.net	secure.winred.com
1	static.ads-twitter.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	app.revv.co	secure.winred.com
1	js.honeybadger.io	secure.winred.com
54	26

This site contains links to these domains. Also see Links.

Domain
winred.com
bit.ly
www.nrsc.org

Subject Issuer	Validity	Valid
www.winred.com DigiCert SHA2 Extended Validation Server CA	`2019-08-14` - `2020-09-30`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2020-02-12` - `2020-06-03`	4 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
*.honeybadger.io COMODO RSA Domain Validation Secure Server CA	`2017-06-07` - `2020-07-14`	3 years	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2019-07-17` - `2020-07-05`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
*.revv.co COMODO RSA Domain Validation Secure Server CA	`2018-10-01` - `2020-10-28`	2 years	crt.sh
www.google.de GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-05-30`	3 months	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-04-09` - `2020-05-24`	a month	crt.sh
sc-static.net DigiCert SHA2 Secure Server CA	`2019-03-11` - `2021-03-15`	2 years	crt.sh
b-code.liadm.com DigiCert SHA2 Secure Server CA	`2019-05-17` - `2020-08-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.liadm.com Amazon	`2020-01-17` - `2021-02-17`	a year	crt.sh
tr.snapchat.com DigiCert SHA2 Secure Server CA	`2019-02-19` - `2021-02-23`	2 years	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
Frame ID: 05624C55E95F7F53A391BA6538723FF2
Requests: 46 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-a0f6c1465b8d9aab778cf2913d1d3c86.html
Frame ID: 555F92181F472586C0ECA0AD68434857
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-6939e707ed72449242ad28283df1d390.html
Frame ID: 3F3AE71BCD8E2CA337D11664275C62A8
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-card-fbfeb5b62d598125b16ab6addef894d6.html
Frame ID: C5BA4FDFF6BB76BB5EB6FC9BEBD561F3
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-6939e707ed72449242ad28283df1d390.html
Frame ID: 714BE81D687918DAC6DE438D9A119F0F
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/payment-request-inner-browser-1cb36c48d7136f3a208e42184fb82386.html
Frame ID: D7D519A70A7D655001FA9560A633F760
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/elements-inner-payment-request-e3601212fea0ebe7db56df0723a777f8.html
Frame ID: 058C90759D047D50C2AEFA2EEF7A38AA
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=5184087d-ebf3-491a-9ed9-4a48a1eee160
Frame ID: DD1D94FE80D95FCEB2607068CAFCB9D4
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/p
Frame ID: F121C75B1FB3FB41BAEBAA22A9F6014B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ruby (Programming Languages) Expand

Overall confidence: 50%
Detected patterns

meta csrf-param /^authenticity_token$/i

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

script /\/\/maps\.googleapis\.com\/maps\/api\/js/i

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 50%
Detected patterns

meta csrf-param /^authenticity_token$/i

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

script /js\.stripe\.com/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

54
Requests

100 %
HTTPS

62 %
IPv6

23
Domains

26
Subdomains

24
IPs

6
Countries

1472 kB
Transfer

3594 kB
Size

16
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://winred.com/terms/donor-terms/
Title: terms of use

Search URL Search Domain Scan URL

URL: https://winred.com/privacy
Title: privacy policy

Search URL Search Domain Scan URL

URL: http://bit.ly/2Xax3XL
Title: http://bit.ly/2Xax3XL

Search URL Search Domain Scan URL

URL: https://www.nrsc.org/wp-content/uploads/2020/04/NRSC_MAIL_FORM_Plain_OOTMail.pdf
Title: click here to download your form

Search URL Search Domain Scan URL

URL: https://winred.com/
Title: Powered by

Search URL Search Domain Scan URL

URL: https://winred.com/about-our-ads/
Title: About Our Ads

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=466286936&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&ul=en-us&de=UTF-8&dt=Join%20Donald%20Trump%20Jr.%20in%20Defending%20President%20Trump%27s%20Majority&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=2090425112&gjid=1620494863&cid=1389831351.1586888240&tid=UA-23419263-1&_gid=1697216555.1586888240&_r=1&z=914559796 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-23419263-1&cid=1389831351.1586888240&jid=2090425112&_gid=1697216555.1586888240&gjid=1620494863&_v=j81&z=914559796 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-23419263-1&cid=1389831351.1586888240&jid=2090425112&_v=j81&z=914559796 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-23419263-1&cid=1389831351.1586888240&jid=2090425112&_v=j81&z=914559796&slf_rd=1&random=1954984260

Request Chain 26

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=466286936&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&ul=en-us&de=UTF-8&dt=Join%20Donald%20Trump%20Jr.%20in%20Defending%20President%20Trump%27s%20Majority&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aEDAAEAB~&jid=1048408291&gjid=565072125&cid=1389831351.1586888240&tid=UA-73658561-7&_gid=1697216555.1586888240&_r=1&gtm=2wg432NTQZ9N&z=1925792491 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-73658561-7&cid=1389831351.1586888240&jid=1048408291&_gid=1697216555.1586888240&gjid=565072125&_v=j81&z=1925792491 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-73658561-7&cid=1389831351.1586888240&jid=1048408291&_v=j81&z=1925792491 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-73658561-7&cid=1389831351.1586888240&jid=1048408291&_v=j81&z=1925792491&slf_rd=1&random=2301071816

Request Chain 45

https://rp.liadm.com/p?tna=v1.1.1&aid=a-00r9&wpn=lc-bundle&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&duid=5fe568a6c8fd--01e5wyhvmmtj4ehrqmxv2cfhn9&se=e30&dtstmp=1586888240956 HTTP 302
https://rp4.liadm.com/p?tna=v1.1.1&aid=a-00r9&wpn=lc-bundle&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&duid=5fe568a6c8fd--01e5wyhvmmtj4ehrqmxv2cfhn9&se=e30&dtstmp=1586888240956&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true

54 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 5x-match-donjr Show response
secure.winred.com/nrsc/ 34 KB
9 KB 552ms
499ms Document
text/html 2606:4700:10::6814:543
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:543 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d1a21b782b1e98c65e06f25f9a2345ed576ef5c823f7d23a61780d1726acce0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: secure.winred.com
:scheme: https
:path: /nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Tue, 14 Apr 2020 18:17:19 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d46546d7999d5c6c862a661324d871e341586888239; expires=Thu, 14-May-20 18:17:19 GMT; path=/; domain=.secure.winred.com; HttpOnly; SameSite=Lax _revv_v3_session=d2IyRC9qenl5OVoyYi8vUDVJUmp5SVhlbkFFMVN2Y1c0Qy9wcGovMlVxZVNnaDcwRVY1bTU5SXZTRGVkT0lOTzlsVnJaNUdTVS9teVpoZjljbmVyMDBHVEJPTFNDWGlUVWpPVzRsRDZ5Q2RaVXFQcWhCaDE5a1pQejNuU2srbHVNSkwweDJEeGs1cXgrQlYxcHVTRUh2SlVDcmZIZi9ibEJsNS9VWjYzUDIvaklrNTJqK25STlJmck1VVEJoZERwcFBBbTl3b0VzelhnTDhkQTBQb2JEZm9acStOS3RQOVI0TUpDTG9sQ3R3cGtJRHpWNVNoRTdYTjNuc2FCeEpRcFNmVmlUNkJ3TDlBMWZNL2lGcjZCUDMrQ1B2RWlVcUNrbDQzamhuTHVQRWh0T2tvWEVzME9oMmNqWDI1MnAvMDVQNXZ1Si94SzRkaDZHd0RMajBnWXVoWkhhYTVUWTZkVUpIajZCc3JsZHBHRmhxTys5Y0k4VlFFdGhFaGwwUDlRT2lXcFNwSTF2Y0dhcENKdzJSMkI5V29VWWNuY0YxWkl1NUdzSFVZKzZaMWlMemVrelpzRWhMTXBHS2U4aVZ3Q1BqUG55T3BkUjY1K1RjakVDT1diT21heXlGQWU1L0dKSmNna2J6TmJGbWJUdnJyb1NHRHhDVmhkY05uQXQyYi9raGl4UjRiZ3RQSlhNbWk1SHA5Mm5Yb2kzbTBoN3pvK25OeVFRZUxyd0lwM2pZc1VySG1CTGpRSzkzSlhBbndwLS0zaks0clBTTytZTmNHWUo5RzA2MmxnPT0%3D--8600e05b4d49fdea62360d2072a973574ff68e30; domain=.winred.com; path=/; HttpOnly; Secure; SameSite=None; Secure
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
x-revv-cache: Hit from Revv
x-request-id: fbfe93eb-0377-4f17-a83b-008308c8be0c
x-runtime: 0.026833
x-rack-cors: miss; no-origin
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 583f6c462cae64c7-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

GET
H2 200 / Show response
js.stripe.com/v3/ 163 KB
42 KB 89ms
87ms Script
application/javascript 52.222.150.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.150.123 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-150-123.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

080907a466ba3f65586b81a7784294ab72b22d2664cc6676b29435275528f3cb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
age: 227
x-cache: Hit from cloudfront
status: 200
last-modified: Mon, 13 Apr 2020 21:18:23 GMT
server: AmazonS3
date: Tue, 14 Apr 2020 18:13:42 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 59c171b9abb6b3c58e72495c539dfa68.cloudfront.net (CloudFront)
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: FRA53
timing-allow-origin: *
x-amz-cf-id: drXOGsbPi_0TOKLqzC7q8fOBFAuepWOhpiUdgFbmjAsaKVNsmtWQhQ==

GET
H2 200 landing_page-61fb339f9ca1c8d831f11dc9d838ce52cded27e7ee25d017ae260db07ea2d78b.css
secure.winred.com/assets/ 198 KB
27 KB 90ms
88ms Stylesheet
text/css 2606:4700:10::6814:543
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/landing_page-61fb339f9ca1c8d831f11dc9d838ce52cded27e7ee25d017ae260db07ea2d78b.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:543 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

453ca896cc60ea919fa28f7fa26d8c9b8a3c34276c18c0fb93f2703c326bab6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 706165
cf-polished: origSize=205123
status: 200
strict-transport-security: max-age=31536000; includeSubdomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
expires: Fri, 12 Apr 2030 18:17:19 GMT
last-modified: Fri, 27 Mar 2020 21:40:37 GMT
server: cloudflare
etag: W/"5e7e72d5-7651"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: text/css
access-control-expose-headers: ETag
cache-control: public, max-age=315360000
cf-ray: 583f6c49486864c7-FRA
cf-bgj: minify

GET
H2 200 1586833679.css
secure.winred.com/stylesheets/rv_page_swogaGbUUr2xHxgj9nz8xnFH/ 4 KB
1 KB 89ms
88ms Stylesheet
text/css 2606:4700:10::6814:543
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/stylesheets/rv_page_swogaGbUUr2xHxgj9nz8xnFH/1586833679.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:543 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6226e0cded68755a36f767459d3f4e7ab86f8ca4edf9971a6c1c7b27cf3c3e7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Tue, 14 Apr 2020 18:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 54515
cf-polished: origSize=3768
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: a1e4d389-6171-49f1-a04d-645adddf0623
x-runtime: 0.021727
cf-bgj: minify
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=31556952
cf-ray: 583f6c49486c64c7-FRA
expires: Thu, 15 Apr 2021 00:06:31 GMT

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 122 KB
40 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyAy0kD_qWlvwPwUm8rEqw8VqasaKCwd3I4&libraries=places

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

7a65d69e994bc9a805f92900d6e5c6c978ffc57918e295f2b79b18267f92e72d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:19 GMT
content-encoding: gzip
vary: Accept-Language
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=1800
server-timing: gfet4t7; dur=18
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 40553
x-xss-protection: 0
expires: Tue, 14 Apr 2020 18:47:19 GMT

GET
H2 200 application-landing-page-8f5fcbcfaea75d609c96757f70839731d32fbf9251b22629f22402b87af039fd.js Show response
secure.winred.com/assets/ 533 KB
145 KB 91ms
90ms Script
application/javascript 2606:4700:10::6814:543
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.winred.com/assets/application-landing-page-8f5fcbcfaea75d609c96757f70839731d32fbf9251b22629f22402b87af039fd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:543 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

266b9ea4ac8a7cba78e73c51fb82cc0245968dbcfa5be115e461f63136b234d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8920
cf-polished: origSize=545446
status: 200
strict-transport-security: max-age=31536000; includeSubdomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
expires: Fri, 12 Apr 2030 18:17:19 GMT
last-modified: Tue, 14 Apr 2020 15:46:39 GMT
server: cloudflare
etag: W/"5e95dadf-2613a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: application/javascript
access-control-expose-headers: ETag
cache-control: public, max-age=315360000
cf-ray: 583f6c49487a64c7-FRA
cf-bgj: minify

GET
H/1.1 200
OK honeybadger.min.js Show response
js.honeybadger.io/v2.1/ 14 KB
6 KB 203ms
62ms Script
application/javascript 52.222.150.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.honeybadger.io/v2.1/honeybadger.min.js
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.150.101 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-150-101.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 513df19904398106da5646917f25c2e55ad0c614d7c2bda86f528264407ba644

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 03 Apr 2020 14:51:26 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Mon, 17 Feb 2020 18:40:29 GMT
Server: AmazonS3
Age: 962754
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
x-amz-version-id: KYMYg4MQXNtVNrkMHFbKZmCa7C.DfAVX
Via: 1.1 021f80d2384d9f4998f4098fa306be09.cloudfront.net (CloudFront)
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA53
Content-Type: application/javascript
X-Amz-Cf-Id: rzjMVlkT-iEGqQPHz-rfJHFCbk0ID3gjYL54F-ylnCNlz8tDGQrLsg==

GET
H2 200 default-360x250.png
d35ligi1n5bgzc.cloudfront.net/profiles/images/000/012/048/square/ 21 KB
21 KB 256ms
94ms Image
image/png 99.84.94.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/profiles/images/000/012/048/square/default-360x250.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.84.94.3 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-94-3.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cb28b87224c60965d6b88f2be5c7f51da18ab9b3dc9d53f3e2fa88da8fcc0965

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 14 Apr 2020 18:08:57 GMT
via: 1.1 7e5808188f3301eda7b952b4c6dfa208.cloudfront.net (CloudFront)
last-modified: Wed, 10 Jul 2019 17:18:08 GMT
server: AmazonS3
age: 502
etag: "71b3a0411a50ae5e5ccdb25d3ba1ee95"
x-cache: Hit from cloudfront
x-amz-version-id: HjhLPJ..NOPCgiDFG_hHCQyTIVAsmIy3
status: 200
x-amz-cf-pop: MUC50-C1
accept-ranges: bytes
content-type: image/png
content-length: 21193
x-amz-cf-id: W2VFHw_Ay63QjGH7FMSO7X4T9w-J_rBJjNIoLtkNViIoRQMX2k0qYQ==

GET
H2 200 win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png
secure.winred.com/assets/ 9 KB
9 KB 66ms
64ms Image
image/webp 2606:4700:10::6814:543
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:543 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 705791
cf-polished: origFmt=png, origSize=11635
status: 200
content-disposition: inline; filename="win-red-mark-small-24c5e97a925e2a929cae4a87ecdfcdf27f56974fd8172bdd34af91145aebca91.webp"
strict-transport-security: max-age=31536000; includeSubdomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 8708
expires: Fri, 12 Apr 2030 18:17:19 GMT
last-modified: Thu, 19 Dec 2019 02:58:19 GMT
server: cloudflare
etag: "5dfae74b-2d73"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: image/webp
access-control-expose-headers: ETag
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 583f6c4aa9ba64c7-FRA
cf-bgj: imgq:85

GET
H2 200 win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg
secure.winred.com/assets/ 19 KB
7 KB 66ms
65ms Image
image/svg+xml 2606:4700:10::6814:543
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.winred.com/assets/win-red-full-red-5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:543 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 705792
status: 200
strict-transport-security: max-age=31536000; includeSubdomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Fri, 22 Nov 2019 02:28:29 GMT
server: cloudflare
etag: W/"5dd747cd-1e30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: image/svg+xml
access-control-expose-headers: ETag
cache-control: public, max-age=315360000
cf-ray: 583f6c4aa9bc64c7-FRA
expires: Fri, 12 Apr 2030 18:17:19 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 78 KB
26 KB 63ms
62ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

efdc774b862ba77e384c621fcbb1b6353e37048061551568db43d347c97056dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:19 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 26430
x-xss-protection: 0
last-modified: Tue, 14 Apr 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 14 Apr 2020 18:17:19 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 125 KB
37 KB 64ms
63ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

66f5700d1c5a865583c5396e820c4779a0cb0c6ec80c35307740b7632d2a04be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:19 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 37593
x-xss-protection: 0
last-modified: Tue, 14 Apr 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 14 Apr 2020 18:17:19 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 4859
date: Tue, 14 Apr 2020 16:56:20 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Tue, 14 Apr 2020 18:56:20 GMT

GET
H2 200 m-outer-a0f6c1465b8d9aab778cf2913d1d3c86.html
js.stripe.com/v3/ Frame 555F 0
0 64ms
63ms Document
text/html 52.222.150.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-a0f6c1465b8d9aab778cf2913d1d3c86.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.150.123 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-150-123.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/m-outer-a0f6c1465b8d9aab778cf2913d1d3c86.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 238
last-modified: Fri, 28 Feb 2020 23:42:06 GMT
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
date: Tue, 14 Apr 2020 18:12:50 GMT
etag: "a0f6c1465b8d9aab778cf2913d1d3c86"
cache-control: public, max-age=300
x-cache: Hit from cloudfront
via: 1.1 59c171b9abb6b3c58e72495c539dfa68.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53
x-amz-cf-id: 5g5nfl6b9W7BLXcjiDlpXYKWloMajGZ9bSspGm_VkMWlkff3BFUWmQ==
age: 278

GET
H2 200 Don_Jr-LP-Trump.png
d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/031/098/large/ 623 KB
624 KB 173ms
107ms Image
image/png 99.84.94.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d35ligi1n5bgzc.cloudfront.net/backgrounds/images/000/031/098/large/Don_Jr-LP-Trump.png
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-8f5fcbcfaea75d609c96757f70839731d32fbf9251b22629f22402b87af039fd.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.84.94.3 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-94-3.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3c250e7ff9b753253cfe3c3e0f447798c755d03c9c41047497e8ddd00fe93f7a

Request headers

Referer: https://secure.winred.com/stylesheets/rv_page_swogaGbUUr2xHxgj9nz8xnFH/1586833679.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 14 Apr 2020 18:08:57 GMT
via: 1.1 7e5808188f3301eda7b952b4c6dfa208.cloudfront.net (CloudFront)
last-modified: Tue, 04 Feb 2020 17:50:11 GMT
server: AmazonS3
age: 502
etag: "ca6967b38a57e794ebb8c66b4b7b33d8"
x-cache: Hit from cloudfront
x-amz-version-id: FubxSL6wNc.S1.iZEiLhjqz7bGXIBqx7
status: 200
x-amz-cf-pop: MUC50-C1
accept-ranges: bytes
content-type: image/png
content-length: 637569
x-amz-cf-id: RmK1oiuvoHfq7oQyAozTulu2hep9knKdizZ6XoMPiT0IQGnjXxqaiQ==

GET
H2 200 controller-6939e707ed72449242ad28283df1d390.html
js.stripe.com/v3/ Frame 3F3A 0
0 68ms
68ms Document
text/html 52.222.150.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-6939e707ed72449242ad28283df1d390.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.150.123 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-150-123.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/controller-6939e707ed72449242ad28283df1d390.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 345
last-modified: Mon, 13 Apr 2020 21:18:19 GMT
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
date: Tue, 14 Apr 2020 18:16:28 GMT
etag: "6939e707ed72449242ad28283df1d390"
cache-control: public, max-age=300
x-cache: Hit from cloudfront
via: 1.1 59c171b9abb6b3c58e72495c539dfa68.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53
x-amz-cf-id: B4EdNqxKNdIzNuRjozUJwSP8DKnJcLtkoI-kaQ0TureE5Dfxajrjzg==
age: 162

GET
H2 200 elements-inner-card-fbfeb5b62d598125b16ab6addef894d6.html
js.stripe.com/v3/ Frame C5BA 0
0 95ms
95ms Document
text/html 52.222.150.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-card-fbfeb5b62d598125b16ab6addef894d6.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.150.123 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-150-123.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/elements-inner-card-fbfeb5b62d598125b16ab6addef894d6.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150

Response headers

status: 200
content-type: text/html; charset=utf-8
last-modified: Mon, 13 Apr 2020 21:18:19 GMT
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
content-encoding: gzip
date: Tue, 14 Apr 2020 18:17:19 GMT
cache-control: public, max-age=300
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 59c171b9abb6b3c58e72495c539dfa68.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53
x-amz-cf-id: rGVBKXXLLNEPHoVHF15pz_FGqNyUfeJnT-pQkHG7Cq_unHPc4Qmldg==

GET
H2 200 current_with_info Show response
app.revv.co/api/v3/users/ 128 B
1 KB 275ms
187ms XHR
application/vnd.api+json 2606:4700:10::6814:443
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.revv.co/api/v3/users/current_with_info?organization_token=rv_org_6KNvU36Z2qWJ2gfUBWqGZGoc

Requested by

Host: secure.winred.com
URL: https://secure.winred.com/assets/application-landing-page-8f5fcbcfaea75d609c96757f70839731d32fbf9251b22629f22402b87af039fd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:443 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55f925a7d474a7d96af3648a93a138c0ba74ae54b3436e99add4b681c10f39bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-rack-cors-original-access-control-allow-origin: https://secure.winred.com
date: Tue, 14 Apr 2020 18:17:20 GMT
x-rack-cors-original-access-control-max-age: 0
x-rack-cors-original-access-control-allow-credentials: true
cf-cache-status: DYNAMIC
x-rack-cors-original-access-control-allow-methods: GET, POST, OPTIONS
status: 200
access-control-max-age: 0
x-rack-cors-original-access-control-expose-headers
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-request-id: e61cf694-2521-4ccb-91aa-905948d03877
x-runtime: 0.009896
server: cloudflare
etag: W/"55f925a7d474a7d96af3648a93a138c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/vnd.api+json
access-control-allow-origin: https://secure.winred.com
vary: Origin
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 583f6c4c7c4ad6b1-FRA
x-rack-cors: hit
x-content-type-options: nosniff
access-control-expose-headers

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/40/8b/ 77 KB
28 KB 15ms
9ms Script
text/javascript 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/40/8b/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyAy0kD_qWlvwPwUm8rEqw8VqasaKCwd3I4&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9505db2a8e08b15858f6a312e8435d83adeeafa51f65e8164c71659812274ff3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 06:46:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 Apr 2020 20:42:41 GMT
server: sffe
age: 41473
vary: Accept-Encoding, Origin
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28924
x-xss-protection: 0
expires: Wed, 14 Apr 2021 06:46:07 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/40/8b/ 143 KB
53 KB 14ms
8ms Script
text/javascript 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/40/8b/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyAy0kD_qWlvwPwUm8rEqw8VqasaKCwd3I4&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee513270626102c08be471f0dbfe4e82d144d0ff4649a27db1b446b2880d7218

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 08 Apr 2020 22:29:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 Apr 2020 20:42:41 GMT
server: sffe
age: 503275
vary: Accept-Encoding, Origin
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 54036
x-xss-protection: 0
expires: Thu, 08 Apr 2021 22:29:25 GMT

GET
H2 200 controls.js Show response
maps.googleapis.com/maps-api-v3/api/js/40/8b/ 208 KB
56 KB 18ms
11ms Script
text/javascript 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/40/8b/controls.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyAy0kD_qWlvwPwUm8rEqw8VqasaKCwd3I4&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

998a3aa62a66166d68a781f7c802927d335c200aa0f947477cd8a99a16d8361b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 08 Apr 2020 22:29:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 Apr 2020 20:42:41 GMT
server: sffe
age: 503274
vary: Accept-Encoding, Origin
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 57610
x-xss-protection: 0
expires: Thu, 08 Apr 2021 22:29:26 GMT

GET
H2 200 places_impl.js Show response
maps.googleapis.com/maps-api-v3/api/js/40/8b/ 41 KB
16 KB 14ms
10ms Script
text/javascript 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/40/8b/places_impl.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyAy0kD_qWlvwPwUm8rEqw8VqasaKCwd3I4&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68f8f86c49beaf75717e1a7219764e149364769d850c407ada3534f8654c529b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 08 Apr 2020 22:29:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 Apr 2020 20:42:41 GMT
server: sffe
age: 503274
vary: Accept-Encoding, Origin
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 16205
x-xss-protection: 0
expires: Thu, 08 Apr 2021 22:29:26 GMT

GET
H2 200 controller-6939e707ed72449242ad28283df1d390.html
js.stripe.com/v3/ Frame 714B 0
0 89ms
75ms Document
text/html 52.222.150.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-6939e707ed72449242ad28283df1d390.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.150.123 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-150-123.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/controller-6939e707ed72449242ad28283df1d390.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 345
last-modified: Mon, 13 Apr 2020 21:18:19 GMT
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
date: Tue, 14 Apr 2020 18:16:28 GMT
etag: "6939e707ed72449242ad28283df1d390"
cache-control: public, max-age=300
x-cache: Hit from cloudfront
via: 1.1 59c171b9abb6b3c58e72495c539dfa68.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53
x-amz-cf-id: fQgyE7hUxOYZ9g5MptKx8jNJgJZL4_WG1L3tOpqV8f-GnKx7_VQ-qQ==
age: 163

GET
H2 200 payment-request-inner-browser-1cb36c48d7136f3a208e42184fb82386.html
js.stripe.com/v3/ Frame D7D5 0
0 88ms
80ms Document
text/html 52.222.150.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/payment-request-inner-browser-1cb36c48d7136f3a208e42184fb82386.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.150.123 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-150-123.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/payment-request-inner-browser-1cb36c48d7136f3a208e42184fb82386.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 366
last-modified: Mon, 13 Apr 2020 21:18:19 GMT
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
date: Tue, 14 Apr 2020 18:17:20 GMT
etag: "1cb36c48d7136f3a208e42184fb82386"
cache-control: public, max-age=300
x-cache: Hit from cloudfront
via: 1.1 59c171b9abb6b3c58e72495c539dfa68.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53
x-amz-cf-id: R0DrMQKRe7O4jzYMPP_IwR56OpOdcuvUk0IgD0Vdr-ZbUhS334AeAg==

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=466286936&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-23419263-1&cid=1389831351.1586888240&jid=2090425112&_gid=1697216555.1586888240&gjid=1620494863&_v=j81&z=914559796
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-23419263-1&cid=1389831351.1586888240&jid=2090425112&_v=j81&z=914559796
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-23419263-1&cid=1389831351.1586888240&jid=2090425112&_v=j81&z=914559796&slf_rd=1&random=1954984260

42 B
109 B

60ms
0ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-23419263-1&cid=1389831351.1586888240&jid=2090425112&_v=j81&z=914559796&slf_rd=1&random=1954984260

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Apr 2020 18:17:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 14 Apr 2020 18:17:20 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-23419263-1&cid=1389831351.1586888240&jid=2090425112&_v=j81&z=914559796&slf_rd=1&random=1954984260
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 powered-by-google-on-white3.png
maps.gstatic.com/mapfiles/api-3/images/ 2 KB
2 KB 16ms
15ms Image
image/png 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maps.gstatic.com/mapfiles/api-3/images/powered-by-google-on-white3.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd80d0dcb2a44bd30c11fcdf13d4c280f336dad9442ee7da79146f2bb77381a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:20 GMT
x-content-type-options: nosniff
last-modified: Thu, 17 Oct 2019 23:15:00 GMT
server: sffe
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: private, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1616
x-xss-protection: 0
expires: Tue, 14 Apr 2020 18:17:20 GMT

GET
H2 200 autocomplete-icons.png
maps.gstatic.com/mapfiles/api-3/images/ 3 KB
3 KB 17ms
15ms Image
image/png 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maps.gstatic.com/mapfiles/api-3/images/autocomplete-icons.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db209390b90b70f4b1ef3540cb581e4ec8edbba21980971b68e4aef5c5d352fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:20 GMT
x-content-type-options: nosniff
last-modified: Thu, 17 Oct 2019 23:15:00 GMT
server: sffe
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: private, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 3351
x-xss-protection: 0
expires: Tue, 14 Apr 2020 18:17:20 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=466286936&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-73658561-7&cid=1389831351.1586888240&jid=1048408291&_gid=1697216555.1586888240&gjid=565072125&_v=j81&z=1925792491
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-73658561-7&cid=1389831351.1586888240&jid=1048408291&_v=j81&z=1925792491
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-73658561-7&cid=1389831351.1586888240&jid=1048408291&_v=j81&z=1925792491&slf_rd=1&random=2301071816

42 B
109 B

79ms
16ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-73658561-7&cid=1389831351.1586888240&jid=1048408291&_v=j81&z=1925792491&slf_rd=1&random=2301071816

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Apr 2020 18:17:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 14 Apr 2020 18:17:20 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-73658561-7&cid=1389831351.1586888240&jid=1048408291&_v=j81&z=1925792491&slf_rd=1&random=2301071816
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 28 KB
10 KB 165ms
94ms Script
text/javascript 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f2.1e100.net

Software

cafe /

Resource Hash

c5db692833cd41ac3b3434028106f81fbd15893a88364515a91bd0a6154c67fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 10613
x-xss-protection: 0
server: cafe
etag: 11690200586538250840
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 14 Apr 2020 18:17:20 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 303ms
96ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:20 GMT
content-encoding: gzip
age: 36163
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-fra19170-FRA
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1586888241.784174,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 bat.js Show response
bat.bing.com/ 25 KB
8 KB 100ms
84ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 079e218ad07f42523479d475b4973a6e386ba95209ee964c04c1a6eb6186bda3

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:20 GMT
content-encoding: gzip
last-modified: Mon, 13 Apr 2020 22:01:50 GMT
x-msedge-ref: Ref A: 4671046544FE45AF98BF024F707DB2F0 Ref B: FRAEDGE1108 Ref C: 2020-04-14T18:17:20Z
status: 200
etag: "0db222df11d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7610

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 126 KB
30 KB 21ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 30466
x-xss-protection: 0
pragma: public
x-fb-debug: wQBxzDhfE1mGppLXYl8SO96zMy2RoCu7H5muwizW0OFBVdWqfAwxiHGN8FtZfjioRPpr6qkYxikJ7GdeJdlNDg==
x-fb-trip-id: 2000377899
x-frame-options: DENY
date: Tue, 14 Apr 2020 18:17:20 GMT, Tue, 14 Apr 2020 18:17:20 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 13 KB
5 KB 35ms
21ms Script
application/javascript 2a00:1288:f03d:1fa::2000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

d9ba2fe346685d07142d6c944b479f618a6f3b0a9b058c79433c07f009e9792e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:04:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 757
x-amz-server-side-encryption: AES256
status: 200
vary: Origin, Accept-Encoding
x-amz-request-id: 42496B9FD0F91E8B
x-amz-id-2: JceQovGqs9PCD4s/0k8DmI6vruKBoMI/p/ANc63H3sDatpEyb/mbFRygBB9CT6YuKYDYie2GNRo=
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Sun, 16 May 2021 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Fri, 10 Apr 2020 10:33:05 GMT
server: ATS
etag: "a6ebaab89ee43301f694e6d7f8f870f4-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-version-id: iJ88aQmZeeYN2rtk1nRvnyopffWWswFa
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 scevent.min.js Show response
sc-static.net/ 13 KB
6 KB 300ms
96ms Script
application/javascript 52.222.150.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.150.245 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-150-245.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e93047ab88ddf3a33047a506b4a7594914e84fcf5ebac4b2723739e728e284b5

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 13 Apr 2020 20:45:02 GMT
content-encoding: gzip
last-modified: Tue, 25 Feb 2020 22:48:01 GMT
server: AmazonS3
age: 77538
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, s-maxage=86400, max-age=600
x-amz-cf-pop: FRA53
x-amz-cf-id: etkFTgqo2Y3lO_xi_jkh7yiuKRq5Y3buYH8_RePkHkuBpbaBiozlXg==
via: 1.1 1d0fc03b30809d10a25a905ba30d8170.cloudfront.net (CloudFront)

GET
H2 200 a-00r9.min.js Show response
b-code.liadm.com/ 28 KB
10 KB 95ms
67ms Script
application/javascript 2a02:26f0:3100::1735:2a6b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-00r9.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52RXXMH
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1735:2a6b , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: c18dbf3210ecdfa81dcc87efaaf1103a4d9a9a759900fbc41c259794ba69f8c2

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:20 GMT
content-encoding: gzip
last-modified: Wed, 18 Mar 2020 09:38:34 GMT
etag: "e47e4afdb4604467aa1ebd52390750d5"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=3097
accept-ranges: bytes
content-length: 10475

GET
H2 200 1877534775869068 Show response
connect.facebook.net/signals/config/ 447 KB
112 KB 36ms
21ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1877534775869068?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a69e258a675141d06fee2e5f824a3d34482b6555d64ade6bf93295528863fc69

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 114948
x-xss-protection: 0
pragma: public
x-fb-debug: zWjmSD+Ajx47Gm+4FsKxaZxj2AET0dyjb6G42TttoUArOnXRfRw15hTxtZmrtXExO0hPC9tx1h8M3XF8k+Z/fg==
x-fb-trip-id: 2000377899
x-frame-options: DENY
date: Tue, 14 Apr 2020 18:17:20 GMT, Tue, 14 Apr 2020 18:17:20 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 elements-inner-payment-request-e3601212fea0ebe7db56df0723a777f8.html
js.stripe.com/v3/ Frame 058C 0
0 94ms
91ms Document
text/html 52.222.150.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/elements-inner-payment-request-e3601212fea0ebe7db56df0723a777f8.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.222.150.123 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-150-123.fra53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/elements-inner-payment-request-e3601212fea0ebe7db56df0723a777f8.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150

Response headers

status: 200
content-type: text/html; charset=utf-8
last-modified: Mon, 13 Apr 2020 21:18:23 GMT
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
content-encoding: gzip
date: Tue, 14 Apr 2020 18:17:20 GMT
cache-control: public, max-age=300
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 59c171b9abb6b3c58e72495c539dfa68.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53
x-amz-cf-id: TmH-_N7aHbNNYBQ_2xdf7ZOE_tX9ltv_dbnISAL8YpaF1IABwH5-8w==

GET
H2 204 0
bat.bing.com/action/ 0
93 B 80ms
77ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5576699&Ver=2&mid=07ee3961-4b22-4803-555d-a4cf13bb1ae5&sid=e4cf0782-1e91-3e05-1006-9c8b7539f3b9&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Join%20Donald%20Trump%20Jr.%20in%20Defending%20President%20Trump%27s%20Majority&p=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&r=&lt=1074&evt=pageLoad&msclkid=N&sv=1&rn=30925
Requested by: Host: secure.winred.com
URL: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Tue, 14 Apr 2020 18:17:20 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: C15BDEC148294A7E926D743DEACEFAD0 Ref B: FRAEDGE1108 Ref C: 2020-04-14T18:17:20Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 10060016.json Show response
s.yimg.com/wi/config/ 2 B
173 B 77ms
74ms XHR
application/json 2a00:1288:f03d:1fa::2000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10060016.json

Requested by

Host: js.honeybadger.io
URL: https://js.honeybadger.io/v2.1/honeybadger.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:08:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 503
status: 200
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: D78ACFAAB95BDAA2
x-amz-id-2: KZnzJqYXC1c9ercwcyTQkqPYZ1U1NY9VHQI7RZyVgIKlqg/2UOljm3WhHxxh7rxT0U2CNimMYS4=
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
content-length: 22

GET
H2 200 10099393.json Show response
s.yimg.com/wi/config/ 2 B
172 B 76ms
73ms XHR
application/json 2a00:1288:f03d:1fa::2000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10099393.json

Requested by

Host: js.honeybadger.io
URL: https://js.honeybadger.io/v2.1/honeybadger.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 504
status: 200
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: 717AD47B7FA48BE9
x-amz-id-2: kVt7oPjYr0IGCp8r9pTg7loxm9x+Adqa8M4PIgzmm4A6FPXFTmYJj4zlmbO2q7Ibr/CEszWE2fU=
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
content-length: 22

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/863113746/ 3 KB
1 KB 75ms
72ms Script
text/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/863113746/?random=1586888240770&cv=9&fst=1586888240770&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg432&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&tiba=Join%20Donald%20Trump%20Jr.%20in%20Defending%20President%20Trump%27s%20Majority&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d3f1d13554b482adc05e2d90e34ab960a437d83551e59b88d81218227a9574b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Apr 2020 18:17:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1180
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 216879376138762 Show response
connect.facebook.net/signals/config/ 447 KB
112 KB 21ms
14ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/216879376138762?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

936b0e0074ff4e558840a9a6e6a97d7b2e4ab531245fbfeb53f3c8f53336a373

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 114931
x-xss-protection: 0
pragma: public
x-fb-debug: R0A7iPGi1Q6E6vf+n8NlZeCcakkMaZF/U1K3cojobiFg0YObzMd2nQDAZE2HSjeX3LkryHNPzmaLpgQztvF/dA==
x-fb-trip-id: 2000377899
x-frame-options: DENY
date: Tue, 14 Apr 2020 18:17:20 GMT, Tue, 14 Apr 2020 18:17:20 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
152 B 27ms
20ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1877534775869068&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&rl=&if=false&ts=1586888240876&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=30&fbp=fb.1.1586888240871.1518417397&it=1586888240593&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:20 GMT, Tue, 14 Apr 2020 18:17:20 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 14 Apr 2020 18:17:20 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/863113746/ 42 B
114 B 62ms
60ms Image
image/gif 2a00:1450:4001:820::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/863113746/?random=1586888240770&cv=9&fst=1586887200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg432&sendb=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&tiba=Join%20Donald%20Trump%20Jr.%20in%20Defending%20President%20Trump%27s%20Majority&async=1&fmt=3&is_vtc=1&random=1151493892&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Apr 2020 18:17:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/863113746/ 42 B
110 B 61ms
60ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/863113746/?random=1586888240770&cv=9&fst=1586887200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg432&sendb=1&frm=0&url=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&tiba=Join%20Donald%20Trump%20Jr.%20in%20Defending%20President%20Trump%27s%20Majority&async=1&fmt=3&is_vtc=1&random=1151493892&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Apr 2020 18:17:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
449 B 290ms
170ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=o09rg&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 110
pragma: no-cache
last-modified: Tue, 14 Apr 2020 18:17:21 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 6da2d3ab47f01fece6f3f4b8757076a5
x-transaction: 004b8153007406fd
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2

200

p
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/p?tna=v1.1.1&aid=a-00r9&wpn=lc-bundle&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5C...
https://rp4.liadm.com/p?tna=v1.1.1&aid=a-00r9&wpn=lc-bundle&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5...

43 B
512 B

143ms
143ms

Image
image/gif

52.72.5.232
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rp4.liadm.com/p?tna=v1.1.1&aid=a-00r9&wpn=lc-bundle&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&duid=5fe568a6c8fd--01e5wyhvmmtj4ehrqmxv2cfhn9&se=e30&dtstmp=1586888240956&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.72.5.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-72-5-232.compute-1.amazonaws.com

Software

nginx/1.16.1 /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.winred.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:21 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.16.1
vary: Origin
x-frame-options: DENY
content-type: image/gif
status: 200
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
content-security-policy: default-src 'self'
strict-transport-security: max-age=31536000; includeSubDomains
request-time: 0
content-length: 43
x-content-type-options: nosniff

Redirect headers

date: Tue, 14 Apr 2020 18:17:21 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.16.1
request-time: 0
status: 302
x-frame-options: DENY
location: https://rp4.liadm.com/p?tna=v1.1.1&aid=a-00r9&wpn=lc-bundle&pu=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&duid=5fe568a6c8fd--01e5wyhvmmtj4ehrqmxv2cfhn9&se=e30&dtstmp=1586888240956&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
content-security-policy: default-src 'self'
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
content-length: 0
x-content-type-options: nosniff

GET
H2 200 i
tr.snapchat.com/cm/ Frame DD1D 0
0 258ms
94ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=5184087d-ebf3-491a-9ed9-4a48a1eee160

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: tr.snapchat.com
:scheme: https
:path: /cm/i?pid=5184087d-ebf3-491a-9ed9-4a48a1eee160
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150

Response headers

status: 200
server: nginx/1.17.3
date: Tue, 14 Apr 2020 18:17:21 GMT
content-type: text/html
content-length: 0
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 google
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

POST
H2 200 p
tr.snapchat.com/ Frame F121 0
0 253ms
103ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQZ9N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: tr.snapchat.com
:scheme: https
:path: /p
content-length: 571
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: https://secure.winred.com
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://secure.winred.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150

Response headers

status: 200
server: nginx/1.17.3
date: Tue, 14 Apr 2020 18:17:21 GMT
content-type: text/html
content-length: 0
access-control-allow-origin: *
cache-control: no-cache, no-transform
set-cookie: sc_at=v2|H4sIAAAAAAAAAAXBgQ0AIQgDwIlIQIGWcVB/C4b/u93s97YKUBAvhpy7WlKTbfBAfTMWTJLLbfQH3m2HzDIAAAA=;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 google
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 200 /
www.facebook.com/tr/ 44 B
152 B 48ms
48ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=216879376138762&ev=PageView&dl=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&rl=&if=false&ts=1586888241001&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=30&fbp=fb.1.1586888240871.1518417397&it=1586888240593&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:21 GMT, Tue, 14 Apr 2020 18:17:21 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 14 Apr 2020 18:17:21 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
54 B 21ms
20ms Other
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarygRg8i3qFFVtCFN4V

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 14 Apr 2020 18:17:21 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
access-control-allow-credentials: true
alt-svc: h3-27=":443"; ma=3600
content-length: 0

POST
H2 200 /
www.facebook.com/tr/ 0
35 B 7ms
7ms Other
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6XUkEoBEUmj5ayFU

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 14 Apr 2020 18:17:21 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://secure.winred.com
access-control-allow-credentials: true
alt-svc: h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
389 B 195ms
194ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=o09rg&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 18:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 130
pragma: no-cache
last-modified: Tue, 14 Apr 2020 18:17:21 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 30bfbdabe18d196a471122a8cba0373a
x-transaction: 00d714f40096e187
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 AuthenticationService.Authenticate Show response
maps.googleapis.com/maps/api/js/ 62 B
131 B 24ms
24ms Script
text/javascript 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fsecure.winred.com%2Fnrsc%2F5x-match-donjr%3Fsc%3Dpem51029m12m%5Cu0026utm_medium%3Demail%5Cu0026utm_source%3DUSA-GOP-XX%5Cu0026utm_campaign%3D20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content%3D20200410_areyoustillwithus_body_button_150%5Cu0026action%3Demail_click%5Cu0026ha1%3D%5Cu0026amount%3D150&4sAIzaSyAy0kD_qWlvwPwUm8rEqw8VqasaKCwd3I4&callback=_xdc_._5e8jz5&key=AIzaSyAy0kD_qWlvwPwUm8rEqw8VqasaKCwd3I4&token=84119

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/40/8b/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

f97e7d8f72fd7892363948f0aaae053841a4b90070253718a8234ecb547ef8f9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m\u0026utm_medium=email\u0026utm_source=USA-GOP-XX\u0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr\u0026utm_content=20200410_areyoustillwithus_body_button_150\u0026action=email_click\u0026ha1=\u0026amount=150
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Apr 2020 18:17:24 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment
server-timing: gfet4t7; dur=10
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 63
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.snapchat.com/	1970-01-19 18:09:44	Name: sc_at Value: v2\|H4sIAAAAAAAAAAXBgQ0AIQgDwIlIQIGWcVB/C4b/u93s97YKUBAvhpy7WlKTbfBAfTMWTJLLbfQH3m2HzDIAAAA=
.winred.com/	1970-01-20 02:19:20	Name: _lc2_fpi Value: 5fe568a6c8fd--01e5wyhvmmtj4ehrqmxv2cfhn9
.winred.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .winred.com
.secure.winred.com/	1970-01-19 09:31:20	Name: __cfduid Value: d46546d7999d5c6c862a661324d871e341586888239
.winred.com/	1970-01-19 08:48:10	Name: _uetsid Value: _uete4cf0782-1e91-3e05-1006-9c8b7539f3b9
secure.winred.com/	1969-12-31 23:59:59	Name: sso_tries Value: 1
.winred.com/	1970-01-19 08:49:34	Name: _gid Value: GA1.2.1697216555.1586888240
.winred.com/	1970-01-20 02:19:20	Name: _ga Value: GA1.2.1389831351.1586888240
.winred.com/	1970-01-19 08:48:08	Name: _gat Value: 1
.winred.com/	1969-12-31 23:59:59	Name: _revv_v3_session Value: d2IyRC9qenl5OVoyYi8vUDVJUmp5SVhlbkFFMVN2Y1c0Qy9wcGovMlVxZVNnaDcwRVY1bTU5SXZTRGVkT0lOTzlsVnJaNUdTVS9teVpoZjljbmVyMDBHVEJPTFNDWGlUVWpPVzRsRDZ5Q2RaVXFQcWhCaDE5a1pQejNuU2srbHVNSkwweDJEeGs1cXgrQlYxcHVTRUh2SlVDcmZIZi9ibEJsNS9VWjYzUDIvaklrNTJqK25STlJmck1VVEJoZERwcFBBbTl3b0VzelhnTDhkQTBQb2JEZm9acStOS3RQOVI0TUpDTG9sQ3R3cGtJRHpWNVNoRTdYTjNuc2FCeEpRcFNmVmlUNkJ3TDlBMWZNL2lGcjZCUDMrQ1B2RWlVcUNrbDQzamhuTHVQRWh0T2tvWEVzME9oMmNqWDI1MnAvMDVQNXZ1Si94SzRkaDZHd0RMajBnWXVoWkhhYTVUWTZkVUpIajZCc3JsZHBHRmhxTys5Y0k4VlFFdGhFaGwwUDlRT2lXcFNwSTF2Y0dhcENKdzJSMkI5V29VWWNuY0YxWkl1NUdzSFVZKzZaMWlMemVrelpzRWhMTXBHS2U4aVZ3Q1BqUG55T3BkUjY1K1RjakVDT1diT21heXlGQWU1L0dKSmNna2J6TmJGbWJUdnJyb1NHRHhDVmhkY05uQXQyYi9raGl4UjRiZ3RQSlhNbWk1SHA5Mm5Yb2kzbTBoN3pvK25OeVFRZUxyd0lwM2pZc1VySG1CTGpRSzkzSlhBbndwLS0zaks0clBTTytZTmNHWUo5RzA2MmxnPT0%3D--8600e05b4d49fdea62360d2072a973574ff68e30
.winred.com/	1970-01-19 10:57:44	Name: _fbp Value: fb.1.1586888240871.1518417397
secure.winred.com/	1969-12-31 23:59:59	Name: origin_url Value: https://secure.winred.com/nrsc/5x-match-donjr?sc=pem51029m12m%5Cu0026utm_medium=email%5Cu0026utm_source=USA-GOP-XX%5Cu0026utm_campaign=20200410_USA-GOP-XX_DonaldTrumpJr%5Cu0026utm_content=20200410_areyoustillwithus_body_button_150%5Cu0026action=email_click%5Cu0026ha1=%5Cu0026amount=150
.winred.com/	1970-01-19 18:17:54	Name: _scid Value: 6e99a78b-b116-42e5-8d87-7fcf07ccc90c
.secure.winred.com/	1970-01-19 08:48:10	Name: __stripe_sid Value: de1b0439-399a-43c1-a405-29181b34cdf0
.winred.com/	1970-01-19 08:48:08	Name: _gat_UA-73658561-7 Value: 1
.secure.winred.com/	1970-01-19 17:33:44	Name: __stripe_mid Value: b888a492-2820-4580-a8f2-92dd899b002e

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
app.revv.co
b-code.liadm.com
bat.bing.com
connect.facebook.net
d35ligi1n5bgzc.cloudfront.net
googleads.g.doubleclick.net
js.honeybadger.io
js.stripe.com
maps.googleapis.com
maps.gstatic.com
rp.liadm.com
rp4.liadm.com
s.yimg.com
sc-static.net
secure.winred.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tr.snapchat.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
104.244.42.131
104.244.42.197
151.101.12.157
172.217.23.130
2600:1f18:730:b130:5ea9:abf8:d77b:4d4
2606:4700:10::6814:443
2606:4700:10::6814:543
2620:1ec:c11::200
2a00:1288:f03d:1fa::2000
2a00:1450:4001:800::2003
2a00:1450:4001:814::200a
2a00:1450:4001:818::2002
2a00:1450:4001:818::2003
2a00:1450:4001:81c::200e
2a00:1450:4001:81d::2008
2a00:1450:4001:820::2004
2a00:1450:400c:c00::9c
2a02:26f0:3100::1735:2a6b
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
35.186.226.184
52.222.150.101
52.222.150.123
52.222.150.245
52.72.5.232
99.84.94.3
079e218ad07f42523479d475b4973a6e386ba95209ee964c04c1a6eb6186bda3
080907a466ba3f65586b81a7784294ab72b22d2664cc6676b29435275528f3cb
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
266b9ea4ac8a7cba78e73c51fb82cc0245968dbcfa5be115e461f63136b234d0
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
36f0bf882a876b13aeb20cf7a495421a43f336da5422072a58f58ce303fb6284
3c250e7ff9b753253cfe3c3e0f447798c755d03c9c41047497e8ddd00fe93f7a
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
453ca896cc60ea919fa28f7fa26d8c9b8a3c34276c18c0fb93f2703c326bab6a
513df19904398106da5646917f25c2e55ad0c614d7c2bda86f528264407ba644
55f925a7d474a7d96af3648a93a138c0ba74ae54b3436e99add4b681c10f39bc
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
5c68c8aaba76ec9fb516f84adaf0f4b53240d5730f4ab8339417725a536ea848
5d1a21b782b1e98c65e06f25f9a2345ed576ef5c823f7d23a61780d1726acce0
6226e0cded68755a36f767459d3f4e7ab86f8ca4edf9971a6c1c7b27cf3c3e7a
66f5700d1c5a865583c5396e820c4779a0cb0c6ec80c35307740b7632d2a04be
68f8f86c49beaf75717e1a7219764e149364769d850c407ada3534f8654c529b
6d3f1d13554b482adc05e2d90e34ab960a437d83551e59b88d81218227a9574b
7a65d69e994bc9a805f92900d6e5c6c978ffc57918e295f2b79b18267f92e72d
936b0e0074ff4e558840a9a6e6a97d7b2e4ab531245fbfeb53f3c8f53336a373
9505db2a8e08b15858f6a312e8435d83adeeafa51f65e8164c71659812274ff3
998a3aa62a66166d68a781f7c802927d335c200aa0f947477cd8a99a16d8361b
a69e258a675141d06fee2e5f824a3d34482b6555d64ade6bf93295528863fc69
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c18dbf3210ecdfa81dcc87efaaf1103a4d9a9a759900fbc41c259794ba69f8c2
c5db692833cd41ac3b3434028106f81fbd15893a88364515a91bd0a6154c67fa
cb28b87224c60965d6b88f2be5c7f51da18ab9b3dc9d53f3e2fa88da8fcc0965
cd80d0dcb2a44bd30c11fcdf13d4c280f336dad9442ee7da79146f2bb77381a4
d9ba2fe346685d07142d6c944b479f618a6f3b0a9b058c79433c07f009e9792e
db209390b90b70f4b1ef3540cb581e4ec8edbba21980971b68e4aef5c5d352fb
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e93047ab88ddf3a33047a506b4a7594914e84fcf5ebac4b2723739e728e284b5
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ee513270626102c08be471f0dbfe4e82d144d0ff4649a27db1b446b2880d7218
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efdc774b862ba77e384c621fcbb1b6353e37048061551568db43d347c97056dc
f97e7d8f72fd7892363948f0aaae053841a4b90070253718a8234ecb547ef8f9

secure.winred.com Open in urlscan Pro 2606:4700:10::6814:543 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

54 Requests

100 %HTTPS

62 %IPv6

23 Domains

26 Subdomains

24 IPs

6 Countries

1472 kBTransfer

3594 kBSize

16 Cookies

6 Outgoing links

Redirected requests

54 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

secure.winred.com Open in urlscan Pro
2606:4700:10::6814:543 Public Scan

Screenshot
Live screenshot

Full Image

54
Requests

100 %
HTTPS

62 %
IPv6

23
Domains

26
Subdomains

24
IPs

6
Countries

1472 kB
Transfer

3594 kB
Size

16
Cookies

54 HTTP transactions
0 data transactions