welcome.us Open in urlscan Pro
2606:4700::6812:12d3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://communityengagement.cmail20.com/t/j-l-eudddlt-dhdkitghl-s/
Effective URL:
https://welcome.us/explainers/sponsor-faqs-for-ukrainians
Submission: On November 23 via api (November 23rd 2024, 5:38:16 pm UTC) from RU — Scanned from DE

Summary HTTP 83 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 20 IPs in 3 countries across 14 domains to perform 83 HTTP transactions. The main IP is 2606:4700::6812:12d3, located in United States and belongs to CLOUDFLARENET, US. The main domain is welcome.us.
TLS certificate: Issued by WE1 on October 13th 2024. Valid for: 3 months.

This is the only time welcome.us was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.196.121.95 18.196.121.95	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700::68... 2606:4700::6812:13d3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 41	2606:4700::68... 2606:4700::6812:12d3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:5::17d8:4d45	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
6	2a02:26f0:350... 2a02:26f0:3500:5::17d8:4d48	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
11	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	54.155.98.249 54.155.98.249	16509 (AMAZON-02) (AMAZON-02)
1	13.35.58.128 13.35.58.128	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.72 18.66.122.72	16509 (AMAZON-02) (AMAZON-02)
83	20

1 18.196.121.95 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-121-95.eu-central-1.compute.amazonaws.com

communityengagement.cmail20.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:13d3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ukraine.welcome.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2606:4700::6812:12d3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

welcome.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:5::17d8:4d45 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:3500:5::17d8:4d48 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.155.98.249 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-98-249.eu-west-1.compute.amazonaws.com

tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.58.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-58-128.fra60.r.cloudfront.net

pagestates-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-72.fra60.r.cloudfront.net

assets-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	welcome.us 2 redirects ukraine.welcome.us welcome.us	1 MB
11	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	560 KB
8	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2604 tracking.crazyegg.com — Cisco Umbrella Rank: 4586 pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 5885 assets-tracking.crazyegg.com — Cisco Umbrella Rank: 5780	42 KB
7	typekit.net p.typekit.net — Cisco Umbrella Rank: 571 use.typekit.net — Cisco Umbrella Rank: 460	154 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	10 KB
3	google.com 1 redirects translate.google.com — Cisco Umbrella Rank: 1113 www.google.com — Cisco Umbrella Rank: 3	29 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	217 B
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3353
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	74 KB
1	google.de www.google.de — Cisco Umbrella Rank: 10745	64 B
1	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43	24 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 96	3 KB
1	googleapis.com translate.googleapis.com — Cisco Umbrella Rank: 912	74 KB
1	cmail20.com 1 redirects communityengagement.cmail20.com	474 B
83	14

	Domain	Requested by
41	welcome.us	1 redirects welcome.us
11	www.googletagmanager.com	welcome.us www.googletagmanager.com
6	use.typekit.net	welcome.us
4	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
3	www.gstatic.com	www.gstatic.com
2	tracking.crazyegg.com	script.crazyegg.com
2	www.facebook.com
2	region1.google-analytics.com	www.googletagmanager.com
2	connect.facebook.net	welcome.us connect.facebook.net
2	www.google.com	1 redirects www.googletagmanager.com
1	assets-tracking.crazyegg.com	script.crazyegg.com
1	pagestates-tracking.crazyegg.com	script.crazyegg.com
1	www.google.de
1	googleads.g.doubleclick.net	1 redirects
1	fonts.gstatic.com
1	www.googleadservices.com	www.googletagmanager.com
1	translate.googleapis.com
1	translate.google.com	welcome.us
1	p.typekit.net	welcome.us
1	ukraine.welcome.us	1 redirects
1	communityengagement.cmail20.com	1 redirects
83	21

This site contains links to these domains. Also see Links.

Domain
engage.welcome.us
welcome-us.zoom.us
translate.google.com
www.facebook.com
twitter.com
www.acf.hhs.gov
www.uscis.gov
www.dhs.gov
ukraine.welcome.us
bit.ly
x.com
instagram.com
youtube.com
www.idealist.org

Subject Issuer	Validity	Valid
welcome.us WE1	`2024-10-13` - `2025-01-11`	3 months	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-17` - `2025-11-17`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
script.crazyegg.com Cloudflare Inc ECC CA-3	`2024-08-02` - `2024-12-31`	5 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-09-01` - `2024-11-30`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.googleadservices.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
crazyegg.com Amazon RSA 2048 M03	`2024-05-24` - `2025-06-23`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
Frame ID: 4B8753581C6DE0839603BE8FB2A2A113
Requests: 80 HTTP requests in this frame

Frame: https://welcome.us/cdn-cgi/challenge-platform/h/g/scripts/jsd/e4025c85ea63/main.js
Frame ID: EF63E112B8F3E2F1E90B80FB81AF1193
Requests: 3 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fwelcome.us
Frame ID: E3BECE04AE7793AA0F05EB2A3B4F2FE6
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 0382FD4BA624EF461560E22CB2D202DD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome.US | FAQ: Uniting for Ukraine u4u program sponsor responsibility

Page URL History Show full URLs

https://communityengagement.cmail20.com/t/j-l-eudddlt-dhdkitghl-s/ HTTP 302
https://ukraine.welcome.us/ HTTP 301
https://welcome.us/explainers/sponsor-faqs-for-ukrainians Page URL

Detected technologies

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

83
Requests

95 %
HTTPS

76 %
IPv6

14
Domains

21
Subdomains

20
IPs

3
Countries

1983 kB
Transfer

4819 kB
Size

10
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://engage.welcome.us/a/donate
Title: Donate to Welcome.US

Search URL Search Domain Scan URL

URL: https://welcome-us.zoom.us/webinar/register/2517319503744/WN_NhBLJXRzTTy1-yUWGa0e_g?utm_source=ea&utm_medium=email&utm_campaign=20241118-election-postevent2-na&nvep=&hmac=&emci=1f8a0282-eba5-ef11-88d0-6045bdd62db6&emdi=ea000000-0000-0000-0000-000000000001&ceid=#/registration
Title: Register today

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Google Übersetzer

Search URL Search Domain Scan URL

URL: https://engage.welcome.us/a/donate-1
Title: DONATE

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://welcome.us/explainers/sponsor-faqs-for-ukrainians
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://welcome.us/explainers/sponsor-faqs-for-ukrainians
Title: X

Search URL Search Domain Scan URL

URL: https://www.acf.hhs.gov/orr/ukrainian-assistance-resources
Title: Learn more about those programs.

Search URL Search Domain Scan URL

URL: https://www.uscis.gov/ukraine
Title: USCIS

Search URL Search Domain Scan URL

URL: https://www.dhs.gov/ukraine
Title: DHS

Search URL Search Domain Scan URL

URL: https://www.acf.hhs.gov/orr
Title: Office of Refugee Resettlement

Search URL Search Domain Scan URL

URL: https://ukraine.welcome.us/connect
Title: Welcome Connect

Search URL Search Domain Scan URL

URL: https://bit.ly/44LEIvF
Title: Access all FAQs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/welcome.us/

Search URL Search Domain Scan URL

URL: https://x.com/welcomeus/

Search URL Search Domain Scan URL

URL: https://instagram.com/welcome.us/

Search URL Search Domain Scan URL

URL: https://youtube.com/channel/UCXu11PiTkd0-Xg4b03PI68Q

Search URL Search Domain Scan URL

URL: https://www.idealist.org/en/nonprofit/be5f217117024da2aa8a1b35e7d8596a-welcomeus-new-york
Title: Careers with Welcome.US

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://communityengagement.cmail20.com/t/j-l-eudddlt-dhdkitghl-s/ HTTP 302
https://ukraine.welcome.us/ HTTP 301
https://welcome.us/explainers/sponsor-faqs-for-ukrainians Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://welcome.us/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://welcome.us/cdn-cgi/challenge-platform/h/g/scripts/jsd/e4025c85ea63/main.js

Request Chain 71

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/581983592/?random=231974733&cv=11&fst=1732383491673&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z8850351406za201zb850351406&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwelcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&label=byRqCLvqoeADEOi6wZUC&hn=www.googleadservices.com&frm=0&tiba=Welcome.US%20%7C%20FAQ%3A%20Uniting%20for%20Ukraine%20u4u%20program%20sponsor%20responsibility&value=0&npa=1&pscdl=noapi&auid=538139031.1732383492&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAgilxrECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&eitems=ChAIgJeGugYQ7P-LjYrNxv8dEh0AYQ-sTW1LCO0GlOiACehw9TWfutp4YGdgmYt9OA&pscrd=IhMI9MyTtf_yiQMVKJb9Bx18iSTEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhNodHRwczovL3dlbGNvbWUudXMvQldDaEFJZ0plR3VnWVE1b3YyanRQQjM4azJFaTBBOHRGTGhyeTU1THFDNUNHT3NrLVJSbkRFR3dmV1djOUNMbG9ZV282NktmNlpLanFfUE1iLTJTMVp2TXM HTTP 302
https://www.google.com/pagead/1p-conversion/581983592/?random=231974733&cv=11&fst=1732383491673&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z8850351406za201zb850351406&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwelcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&label=byRqCLvqoeADEOi6wZUC&hn=www.googleadservices.com&frm=0&tiba=Welcome.US%20%7C%20FAQ%3A%20Uniting%20for%20Ukraine%20u4u%20program%20sponsor%20responsibility&value=0&npa=1&pscdl=noapi&auid=538139031.1732383492&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAgilxrECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI9MyTtf_yiQMVKJb9Bx18iSTEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhNodHRwczovL3dlbGNvbWUudXMvQldDaEFJZ0plR3VnWVE1b3YyanRQQjM4azJFaTBBOHRGTGhyeTU1THFDNUNHT3NrLVJSbkRFR3dmV1djOUNMbG9ZV282NktmNlpLanFfUE1iLTJTMVp2TXM&is_vtc=1&cid=CAQSGwCa7L7d5y3dk93rea8lTkgPVzAteLVkJqCIeA&eitems=ChAIgJeGugYQ7P-LjYrNxv8dEh0AYQ-sTWDNr7eF4cFeqkzGPn3KfI9ts1-R0y-P0A&random=3057455180 HTTP 302
https://www.google.de/pagead/1p-conversion/581983592/?random=231974733&cv=11&fst=1732383491673&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z8850351406za201zb850351406&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwelcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&label=byRqCLvqoeADEOi6wZUC&hn=www.googleadservices.com&frm=0&tiba=Welcome.US%20%7C%20FAQ%3A%20Uniting%20for%20Ukraine%20u4u%20program%20sponsor%20responsibility&value=0&npa=1&pscdl=noapi&auid=538139031.1732383492&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAgilxrECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI9MyTtf_yiQMVKJb9Bx18iSTEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhNodHRwczovL3dlbGNvbWUudXMvQldDaEFJZ0plR3VnWVE1b3YyanRQQjM4azJFaTBBOHRGTGhyeTU1THFDNUNHT3NrLVJSbkRFR3dmV1djOUNMbG9ZV282NktmNlpLanFfUE1iLTJTMVp2TXM&is_vtc=1&cid=CAQSGwCa7L7d5y3dk93rea8lTkgPVzAteLVkJqCIeA&eitems=ChAIgJeGugYQ7P-LjYrNxv8dEh0AYQ-sTWDNr7eF4cFeqkzGPn3KfI9ts1-R0y-P0A&random=3057455180&ipr=y

83 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request sponsor-faqs-for-ukrainians Show response
welcome.us/explainers/
Redirect Chain

https://communityengagement.cmail20.com/t/j-l-eudddlt-dhdkitghl-s/
https://ukraine.welcome.us/
https://welcome.us/explainers/sponsor-faqs-for-ukrainians

255 KB
35 KB

450ms
381ms

Document
text/html

2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c641bb015f4181b334d8c210ef0dc83ea2419d5e209f1effd0141e73d5f5f984

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=5, stale-while-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8e72ee6e58009766-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 23 Nov 2024 17:38:10 GMT
server: cloudflare
strict-transport-security: max-age=15724800; includeSubDomains
vary: Accept-Encoding
x-nextjs-cache: STALE

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8e72ee6bb981dc6e-FRA
content-type: text/html
date: Sat, 23 Nov 2024 17:38:10 GMT
location: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
priority: u=0,i
server: cloudflare
server-timing: cfExtPri
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2 200 dd6d3e45a6d09f51-s.p.woff2
welcome.us/_next/static/media/ 51 KB
51 KB 42ms
40ms Font
font/woff2 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/media/dd6d3e45a6d09f51-s.p.woff2

Requested by

Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82689b283827f22b0ad5d37f09d727f170669c3c2c41730e84f2edea7167c700

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://welcome.us
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: W/"ccd4-1926cb0b508"
age: 1899044
cf-ray: 8e72ee70eb749766-FRA
expires: Sun, 23 Nov 2025 17:38:10 GMT
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 52436
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: font/woff2
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 a28f554c166466d4-s.p.woff2
welcome.us/_next/static/media/ 53 KB
53 KB 65ms
64ms Font
font/woff2 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/media/a28f554c166466d4-s.p.woff2

Requested by

Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

227d1189146528d8ea1ffc5a8bce4b9237d9a4e0d729e6131808ed69a841daf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://welcome.us
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: W/"d388-1926cb0b508"
age: 1899519
cf-ray: 8e72ee70eb789766-FRA
expires: Sun, 23 Nov 2025 17:38:10 GMT
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 54152
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: font/woff2
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 e5f94e424fe4e4ae-s.p.woff2
welcome.us/_next/static/media/ 51 KB
52 KB 66ms
65ms Font
font/woff2 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/media/e5f94e424fe4e4ae-s.p.woff2

Requested by

Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

075e4e81f123a3ae5303cf201901aca31f739294781e949a789bd76460bcbc70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://welcome.us
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: W/"cdca-1926cb0b508"
age: 1899044
cf-ray: 8e72ee70eb799766-FRA
expires: Sun, 23 Nov 2025 17:38:10 GMT
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 52682
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: font/woff2
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 409c27b719072cdc-s.p.woff2
welcome.us/_next/static/media/ 54 KB
54 KB 63ms
62ms Font
font/woff2 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/media/409c27b719072cdc-s.p.woff2

Requested by

Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd6b0bbbb04d05af996a0e4427cb01640a44a22d2fa0bda889558ba2db136895

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://welcome.us
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: W/"d6ef-1926cb0b508"
age: 1899519
cf-ray: 8e72ee70eb7b9766-FRA
expires: Sun, 23 Nov 2025 17:38:10 GMT
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 55023
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: font/woff2
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 fe7408528581d7fb.css
welcome.us/_next/static/css/ 104 KB
36 KB 40ms
39ms Stylesheet
text/css 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/css/fe7408528581d7fb.css

Requested by

Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cf7a2db20cce4d2064d199f17bfb01d59483b9e77d6a7155d5265d544200312

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"1a126-192e8f66d88"
age: 251832
cf-ray: 8e72ee70eb719766-FRA
expires: Sun, 23 Nov 2025 17:38:10 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: text/css; charset=UTF-8
last-modified: Fri, 01 Nov 2024 18:21:57 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 p.css
p.typekit.net/ 5 B
173 B 169ms
37ms Stylesheet
text/css 2a02:26f0:3500:5::17d8:4d45
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=roq0sji&ht=tk&f=39494.39495.39496.39497.39498.39499.39500.39501.39502.39503.39504.39505.39506.39507.39508.39509.44913.44914.44915.44917.44918.44919&a=133965626&app=typekit&e=css
Requested by: Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:5::17d8:4d45 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

cache-control: public, max-age=604800
etag: "6649f74c-5"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: text/css
last-modified: Sun, 19 May 2024 12:57:48 GMT
server: nginx

GET
DATA 200
OK truncated
/ 431 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e60cf76ae0dd66c45d61be8259078bd28815fdcd9529637b3a8a7b46429cda7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 382 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6517c8b45db6d302a765419ae70c84eb23efe142952febc9959674f040a7304a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db2d6af6c77b246095cddac80fd4da7423afbedcf1835515e0678eb6d71a4a10

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 566 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3934da10239d9c563c02e00436156750fb9de58333523d9a6f1fe74d24780d63

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H3 200 email-decode.min.js Show response
welcome.us/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
872 B 26ms
26ms Script
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"673dd3d6-4d7"
x-content-type-options: nosniff
cf-ray: 8e72ee719948dc9a-FRA
expires: Mon, 25 Nov 2024 17:38:10 GMT
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: application/javascript
last-modified: Wed, 20 Nov 2024 12:19:34 GMT
vary: Accept-Encoding
server: cloudflare
x-frame-options: DENY

GET
H3 200 rocket-loader.min.js Show response
welcome.us/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 25ms
25ms Script
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"673dd3d6-302c"
x-content-type-options: nosniff
cf-ray: 8e72ee71a94fdc9a-FRA
expires: Mon, 25 Nov 2024 17:38:10 GMT
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: application/javascript
last-modified: Wed, 20 Nov 2024 12:19:34 GMT
vary: Accept-Encoding
server: cloudflare
x-frame-options: DENY

GET
H3 200 underline.d35bfcf8.svg
welcome.us/_next/static/media/ 987 B
811 B 48ms
47ms Image
image/svg+xml 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://welcome.us/_next/static/media/underline.d35bfcf8.svg

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/css/fe7408528581d7fb.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1bd5620339f8d9f2179bab361a16ad4b78a6a935429b7fb953ad1ed761ca06e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/_next/static/css/fe7408528581d7fb.css

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"3db-1926cb0b508"
age: 1898911
expires: Sun, 23 Nov 2025 17:38:10 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: image/svg+xml
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-ray: 8e72ee71fa69dc9a-FRA
server: cloudflare

GET
H2 200 l
use.typekit.net/af/153042/00000000000000007735bb62/30/ 24 KB
24 KB 204ms
73ms Font
application/font-woff2 2a02:26f0:3500:5::17d8:4d48
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/153042/00000000000000007735bb62/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:5::17d8:4d48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 2dcac4047f716bc02991807013dff48324f753a0fce153a57e5b6383437ba3fc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://welcome.us
Referer: https://welcome.us/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "b0d46bd3fb22c6c06785f44e1a131be6878e0485"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 24460
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/05ed7b/00000000000000007735c719/30/ 26 KB
26 KB 210ms
80ms Font
application/font-woff2 2a02:26f0:3500:5::17d8:4d48
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/05ed7b/00000000000000007735c719/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:5::17d8:4d48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: e28a48d4dd179a8a3647a6b611b82fb0ad16092057a66e565da67f74b01aa6c6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://welcome.us
Referer: https://welcome.us/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "bf743031b1ec9b88e100a458f481b68c8c254a52"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 26176
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/c5cd8b/00000000000000007735c722/30/ 27 KB
27 KB 206ms
76ms Font
application/font-woff2 2a02:26f0:3500:5::17d8:4d48
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/c5cd8b/00000000000000007735c722/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:5::17d8:4d48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 1d689cf7c58d093673ae29e76731a4784e242e3cf6ee99dc880270c7230e25f4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://welcome.us
Referer: https://welcome.us/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "dbafd58fbb3b5eb59765a1fe8e720891a7095c41"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 27652
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/2807c7/00000000000000007735bb48/30/ 24 KB
24 KB 172ms
43ms Font
application/font-woff2 2a02:26f0:3500:5::17d8:4d48
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2807c7/00000000000000007735bb48/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:5::17d8:4d48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: e9c868845bfe5b3bf488c1c436477de885248c4634cc36d08d11240fc9653290

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://welcome.us
Referer: https://welcome.us/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "345c80c63820ac9235d1faecff05a70c32942437"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 24820
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/384d9b/00000000000000007735bb6a/30/ 25 KB
25 KB 166ms
36ms Font
application/font-woff2 2a02:26f0:3500:5::17d8:4d48
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/384d9b/00000000000000007735bb6a/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:5::17d8:4d48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: 1047020444e0f9d5830f2d569440909a6aaf61ef5b6db572bc3b9987f4b4f741

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://welcome.us
Referer: https://welcome.us/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "23427917d6d72688888854d7151dc7962d8d8301"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 25828
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/2b59e1/00000000000000007735bb53/30/ 26 KB
26 KB 168ms
38ms Font
application/font-woff2 2a02:26f0:3500:5::17d8:4d48
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2b59e1/00000000000000007735bb53/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:5::17d8:4d48 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: nginx /
Resource Hash: ad714fb95a9efeb8fe9bd7d99a576fa924af0b60cad059166a4909d7f21f24cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://welcome.us
Referer: https://welcome.us/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "83fe0c20a9aa6541c6b7c0c462784870b335362e"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 26880
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/font-woff2
server: nginx

GET
H3 200 image
welcome.us/_next/ 86 KB
87 KB 347ms
346ms Image
image/webp 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://welcome.us/_next/image?url=https%3A%2F%2Fassets.welcome.us%2Fprd%2Fukraine_1200x400_c7e2689ae2.jpg&w=1200&q=75

Requested by

Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7eeb2be3620db7e47a10d28a2c5dc38b60259691440213d5427e28162bfdf802

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

cf-cache-status: DYNAMIC
etag: fusr42INt+R6ENKKLF3Di2AllpFEAhPVQn4oFiv9+AI=
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: image/webp
vary: Accept
content-disposition: inline; filename="ukraine_1200x400_c7e2689ae2.webp"
priority: u=3,i
strict-transport-security: max-age=15724800; includeSubDomains
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
cache-control: public, max-age=1200, must-revalidate
cf-ray: 8e72ee723b09dc9a-FRA
content-length: 88298
x-nextjs-cache: HIT
server: cloudflare

GET
H3 200 _ssgManifest.js Show response
welcome.us/_next/static/5x8s8VghkIKE0TblcPaG3/ 739 B
550 B 35ms
33ms Script
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/5x8s8VghkIKE0TblcPaG3/_ssgManifest.js

Requested by

Host: welcome.us
URL: https://welcome.us/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f787cca1840e60cf78c030e95ba0bc84167491002df24df9dc34d83e54e245c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"2e3-1934f264768"
age: 183200
expires: Sun, 23 Nov 2025 17:38:10 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 21 Nov 2024 14:35:29 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-ray: 8e72ee725b77dc9a-FRA
server: cloudflare

GET
H3 200 _buildManifest.js Show response
welcome.us/_next/static/5x8s8VghkIKE0TblcPaG3/ 2 KB
1 KB 39ms
38ms Script
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/5x8s8VghkIKE0TblcPaG3/_buildManifest.js

Requested by

Host: welcome.us
URL: https://welcome.us/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b168d13e740805e2baa1f3af5c02b6b6bc4ddc18ab7d54e763e9928e3faf9e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"9de-1934f24c898"
age: 183200
expires: Sun, 23 Nov 2025 17:38:10 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 21 Nov 2024 14:33:51 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-ray: 8e72ee725b79dc9a-FRA
server: cloudflare

GET
H3 200 %5Bslug%5D-ca4063639c1d904c.js Show response
welcome.us/_next/static/chunks/pages/explainers/ 4 KB
2 KB 58ms
56ms Script
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/chunks/pages/explainers/%5Bslug%5D-ca4063639c1d904c.js

Requested by

Host: welcome.us
URL: https://welcome.us/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ac6f2f13bbfd7c64f16c24793cc1476e1e44d378bb909bc55cc04258afaf324

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"fea-1926cb0b508"
age: 1899014
expires: Sun, 23 Nov 2025 17:38:10 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-ray: 8e72ee725b7cdc9a-FRA
server: cloudflare

GET
H3 200 _app-d6a5cc7be3a3785c.js Show response
welcome.us/_next/static/chunks/pages/ 778 KB
239 KB 58ms
57ms Script
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/chunks/pages/_app-d6a5cc7be3a3785c.js

Requested by

Host: welcome.us
URL: https://welcome.us/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

771696225684dcf410783f763ac7ecd8894910c6487535cc73592411e2516b1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"c277d-1926cb0b508"
age: 1899189
expires: Sun, 23 Nov 2025 17:38:10 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-ray: 8e72ee725b7ddc9a-FRA
server: cloudflare

GET
H3 200 main-959f6b95aa5205a7.js Show response
welcome.us/_next/static/chunks/ 115 KB
33 KB 131ms
130ms Script
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Requested by

Host: welcome.us
URL: https://welcome.us/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f8064732678ebc35c0458a571525ce84713317bcc6d586782211943b98f3f2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"1ccbd-1926cb0b508"
age: 1899189
expires: Sun, 23 Nov 2025 17:38:10 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-ray: 8e72ee725b7fdc9a-FRA
server: cloudflare

GET
H3 200 framework-0c7baedefba6b077.js Show response
welcome.us/_next/static/chunks/ 138 KB
45 KB 39ms
38ms Script
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/chunks/framework-0c7baedefba6b077.js

Requested by

Host: welcome.us
URL: https://welcome.us/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1cd1cca3aebcdd10c33d713a95479909354ddbc5d5ad9761466ac27ea528895d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"226f7-1926cb0b508"
age: 1899013
expires: Sun, 23 Nov 2025 17:38:10 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-ray: 8e72ee725b81dc9a-FRA
server: cloudflare

GET
H3 200 webpack-3b2b45ca6df62424.js Show response
welcome.us/_next/static/chunks/ 5 KB
2 KB 34ms
33ms Script
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/chunks/webpack-3b2b45ca6df62424.js

Requested by

Host: welcome.us
URL: https://welcome.us/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e23ccf9109250232b3e0e98b1bb5b47cf15bc3ae3555201a479e5445954f6816

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"14b5-192e8f66d88"
age: 1897786
expires: Sun, 23 Nov 2025 17:38:10 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 01 Nov 2024 18:21:57 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-ray: 8e72ee725b82dc9a-FRA
server: cloudflare

GET
H3

200

main.js Show response
welcome.us/cdn-cgi/challenge-platform/h/g/scripts/jsd/e4025c85ea63/ Frame EF63
Redirect Chain

https://welcome.us/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://welcome.us/cdn-cgi/challenge-platform/h/g/scripts/jsd/e4025c85ea63/main.js?

8 KB
4 KB

174ms
174ms

Script
application/javascript

2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/cdn-cgi/challenge-platform/h/g/scripts/jsd/e4025c85ea63/main.js?

Requested by

Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fe8cfbb74b3ebf9885834e730c6cf30d9fce8b6eab8a1014cfd1328c8d31632

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding: gzip
x-content-type-options: nosniff
cf-ray: 8e72ee728c17dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:10 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/e4025c85ea63/main.js?
cf-ray: 8e72ee725b85dc9a-FRA
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:10 GMT
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

POST
H3 200 8e72ee6e58009766 Show response
welcome.us/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame EF63 0
696 B 40ms
32ms XHR
text/plain 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://welcome.us/cdn-cgi/challenge-platform/h/g/jsd/r/8e72ee6e58009766
Requested by: Host: welcome.us
URL: https://welcome.us/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

cf-ray: 8e72ee743918dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 0
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
priority: u=1,i

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 370 KB
120 KB 92ms
35ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K3TTLZS

Requested by

Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8a9896082a1cac12ecbf74fd4edd001bf13862188fcec4ad6924dc7359f111d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Sat, 23 Nov 2024 17:38:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 23 Nov 2024 15:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 122209
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 favicon.ico
welcome.us/ 19 KB
1 KB 183ms
182ms Other
image/x-icon 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e140d553816664cf517f460bc0fe9b745b5a0bf78444f848a41f81d1dd1e8ab7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

server: cloudflare
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=1200
content-encoding: gzip
cf-cache-status: MISS
etag: W/"4a92-1934f230b48"
cf-ray: 8e72ee743948dc9a-FRA
expires: Sat, 23 Nov 2024 17:58:11 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: image/x-icon
last-modified: Thu, 21 Nov 2024 14:31:57 GMT
vary: Accept-Encoding
priority: u=1,i

POST
H3 200 get-data Show response
welcome.us/api/ 9 KB
2 KB 409ms
408ms Fetch
application/json 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/api/get-data

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/pages/_app-d6a5cc7be3a3785c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0873e178670a6de2c62c55be852c50028526f4fb4cdac92b96912325c46ee32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: s-maxage=60
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "664jjbkr2572e"
cf-ray: 8e72ee751b7ddc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 200 getLayoutData Show response
welcome.us/api/ 634 B
691 B 521ms
521ms Fetch
application/json 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/api/getLayoutData

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/pages/_app-d6a5cc7be3a3785c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

648b5846fc2a82ba5bf9c399d419573a9b8110980647b3ca949b8ca93a8579cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: s-maxage=60
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"bwxs7pl1gwhm"
cf-ray: 8e72ee751b82dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 200 sponsor-faqs-for-ukrainians
welcome.us/explainers/ 171 KB
171 KB 372ms
372ms Image
text/html 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: s-maxage=5, stale-while-revalidate
content-encoding: gzip
cf-cache-status: DYNAMIC
cf-ray: 8e72ee751b86dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-nextjs-cache: STALE
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
priority: u=3,i

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 84 KB
29 KB 106ms
42ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3ee33f442d26cf0296a1e404574eac54d3579569f56d3d05439f85195a9e0aa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 23 Nov 2024 17:38:11 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 370 KB
120 KB 62ms
61ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GTM-K3TTLZS

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4f044b9d9cd7350e1798d2630619ba2a1eea8ff27a33d375f6ff30a6b5417698

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sat, 23 Nov 2024 17:38:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 23 Nov 2024 15:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 122300
x-xss-protection: 0
server: Google Tag Manager

POST
H3 200 8e72ee6e58009766 Show response
welcome.us/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame EF63 0
691 B 36ms
29ms XHR
text/plain 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://welcome.us/cdn-cgi/challenge-platform/h/g/jsd/r/8e72ee6e58009766
Requested by: Host: welcome.us
URL: https://welcome.us/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

cf-ray: 8e72ee75dd89dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 0
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
priority: u=1,i

GET
H3 200 image
welcome.us/_next/ 27 KB
28 KB 346ms
346ms Image
image/webp 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://welcome.us/_next/image?url=https%3A%2F%2Fassets.welcome.us%2Fprd%2FP4_CHNV_1200x400_7c91ed7f2f.jpg&w=640&q=75

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

587b3130ad1cf6e80a96681d8a5e073da17aff2bcf821034109c3baab0e3e0e4

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

cf-cache-status: DYNAMIC
etag: WHsxMK0c9ugKlmgdil4HPaF6-yvPghA0EJw7qrDj4OQ=
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: image/webp
vary: Accept
content-disposition: inline; filename="P4_CHNV_1200x400_7c91ed7f2f.webp"
priority: u=3,i
strict-transport-security: max-age=15724800; includeSubDomains
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
cache-control: public, max-age=1200, must-revalidate
cf-ray: 8e72ee75fdebdc9a-FRA
content-length: 28020
x-nextjs-cache: STALE
server: cloudflare

GET
H3 200 image
welcome.us/_next/ 15 KB
15 KB 359ms
358ms Image
image/webp 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://welcome.us/_next/image?url=https%3A%2F%2Fassets.welcome.us%2Fprd%2Fsupport_b_1200x400_c7dc6f35ed.jpg&w=640&q=75

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

387c29ec914f74fd435f9f75eda292d48731ec8e18d8d80ce7841455b7bf576c

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

cf-cache-status: DYNAMIC
etag: OHwp7JFPdP1DX5917aKS1Icx7I4Y2NgM54QUVbe-V2w=
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: image/webp
vary: Accept
content-disposition: inline; filename="support_b_1200x400_c7dc6f35ed.webp"
priority: u=3,i
strict-transport-security: max-age=15724800; includeSubDomains
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
cache-control: public, max-age=1200, must-revalidate
cf-ray: 8e72ee75fdeddc9a-FRA
content-length: 14884
x-nextjs-cache: STALE
server: cloudflare

GET
H3 200 image
welcome.us/_next/ 24 KB
24 KB 142ms
140ms Image
image/webp 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://welcome.us/_next/image?url=https%3A%2F%2Fassets.welcome.us%2Fprd%2FVenz_Ukr_Cuba_Haiti_1200x400_bf9298421b.jpg&w=640&q=75

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c759ee753f637afc1d79dee9b6085fcbe1d9ba181ea51b2208819e2a8def19c5

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

cf-cache-status: DYNAMIC
etag: x1nudT9jevwded7ptghfy+HZuhgepRsiCIGeKo3vGcU=
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: image/webp
vary: Accept
content-disposition: inline; filename="Venz_Ukr_Cuba_Haiti_1200x400_bf9298421b.webp"
priority: u=3,i
strict-transport-security: max-age=15724800; includeSubDomains
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
cache-control: public, max-age=1200, must-revalidate
cf-ray: 8e72ee75fdeedc9a-FRA
content-length: 24092
x-nextjs-cache: STALE
server: cloudflare

GET
H3 200 en.json Show response
welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/ 84 KB
21 KB 369ms
369ms Fetch
application/json 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en.json

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdb9a4bed144de7fdb7f0ef79403a068a6bea3de56bb3563d467d48248c6c016

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

x-nextjs-data: 1
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: s-maxage=31536000, stale-while-revalidate
content-encoding: gzip
cf-cache-status: DYNAMIC
x-nextjs-matched-path: /en/
etag: "m8zaukcaan1u07"
cf-ray: 8e72ee760e10dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-nextjs-cache: HIT
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 200 index-40038a0aaa55d39f.js
welcome.us/_next/static/chunks/pages/ 0
2 KB 38ms
37ms Other
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/chunks/pages/index-40038a0aaa55d39f.js

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"157e-1926cb0b508"
age: 1899189
expires: Sun, 23 Nov 2025 17:38:11 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
priority: u=4,i
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-ray: 8e72ee760e12dc9a-FRA
server: cloudflare

GET
H3 404 %5Bslug%5D.json Show response
welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/explainers/ 17 B
264 B 352ms
351ms Fetch 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/explainers/%5Bslug%5D.json?slug=%5Bslug%5D

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f606b61e336e349089e6326cb3a79cf3939fd12adb44fb918b6ca5bc1492ac0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

x-nextjs-data: 1
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: s-maxage=31536000, stale-while-revalidate
cf-cache-status: DYNAMIC
x-nextjs-matched-path: /en/explainers/[slug]
cf-ray: 8e72ee760e16dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-nextjs-cache: HIT
date: Sat, 23 Nov 2024 17:38:11 GMT
server: cloudflare
priority: u=1,i

GET
H3 200 subscribe.json Show response
welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/ 1 KB
1 KB 366ms
365ms Fetch
application/json 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/subscribe.json?slug=subscribe

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a30be72d6b65677c6dd8de6bdd5e13944619924a2caaccf945dd8334720c1db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

x-nextjs-data: 1
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: s-maxage=5, stale-while-revalidate
content-encoding: gzip
cf-cache-status: DYNAMIC
x-nextjs-matched-path: /en/[...slug]
etag: "xc1gz8a1vg168"
cf-ray: 8e72ee760e18dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-nextjs-cache: STALE
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 200 %5B...slug%5D-11da3d1419fc4272.js
welcome.us/_next/static/chunks/pages/ 0
2 KB 36ms
36ms Other
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/static/chunks/pages/%5B...slug%5D-11da3d1419fc4272.js

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"df7-1926cb0b508"
age: 1895075
expires: Sun, 23 Nov 2025 17:38:11 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
priority: u=4,i
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000
cf-ray: 8e72ee760e1adc9a-FRA
server: cloudflare

POST
H3 200 collect
www.google.com/ccm/ 0
0 81ms
31ms Ping
text/plain 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwelcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&scrsrc=www.googletagmanager.com&frm=0&rnd=952563914.1732383492&auid=538139031.1732383492&npa=1&gtm=45He4bk0v850351406za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&tft=1732383491536&tfd=2048&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K3TTLZS
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 407 KB
131 KB 52ms
51ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RKEPDQ7P0N&l=dataLayer&cx=c&gtm=45He4bk0v850351406za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K3TTLZS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

84a324956518240e24a03553a72578c155b44d2cc82cef179a2f486e4fce8c75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sat, 23 Nov 2024 17:38:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 134378
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 253 KB
91 KB 43ms
42ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-581983592&l=dataLayer&cx=c&gtm=45He4bk0v850351406za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K3TTLZS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f2cf3ff9bf5ca81db173da7b172254a1252bd9d127983d9769ef594d009673eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Sat, 23 Nov 2024 17:38:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 23 Nov 2024 15:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 92727
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 285 KB
98 KB 70ms
70ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-11164217581&l=dataLayer&cx=c&gtm=45He4bk0v850351406za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K3TTLZS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e96c5614410258dc049a7f2ead3f708951be966926cd50d62b3083e2f461bd4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Sat, 23 Nov 2024 17:38:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 23 Nov 2024 15:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 100477
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 2554.js Show response
script.crazyegg.com/pages/scripts/0115/ 7 KB
3 KB 93ms
39ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0115/2554.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K3TTLZS
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 934d6d481f371cc48b46b007bd257052a3b9e8f709fc7cfe19b052b809e31544

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

access-control-expose-headers: CE-Version
content-encoding: gzip
cf-cache-status: HIT
age: 101740
alt-svc: h3=":443"; ma=86400
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: text/javascript
last-modified: Fri, 22 Nov 2024 13:09:54 GMT
vary: Accept-Encoding
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8e72ee7688a8a067-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2483
ce-version: 11.5.323
server: cloudflare

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 61ms
24ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: welcome.us
URL: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-WJbJotUM' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-WJbJotUM' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=22, rtx=0, c=23, mss=1232, tbw=4463, tp=9, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: zJMd7JBee7e86oUP2+kfv+/Rk1oycbRIuBROxGEgr413gypWZ+E5voOZZp0tzSUtnkvn2XGV+P6jYKwBgOfUQA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62107
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.26tY-h6gH9w.L.W.O/am=DgY/d=0/rs=AN8SPfowAA8SIQKHJetkAleDuiUL98-5fQ/ 22 KB
4 KB 59ms
23ms Stylesheet
text/css 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.26tY-h6gH9w.L.W.O/am=DgY/d=0/rs=AN8SPfowAA8SIQKHJetkAleDuiUL98-5fQ/m=el_main_css

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.de.fxIZHHUDNOw.O/am=DgY/d=1/rs=AN8SPfoyhdNG4WIuoRie-FaJSU34We0LPw/m=el_conf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-encoding: gzip
age: 266938
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 15:29:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 15:29:13 GMT
last-modified: Thu, 04 Apr 2024 07:26:25 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="rosetta"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4144
x-xss-protection: 0
server: sffe

GET
H2 200 m=el_main Show response
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.de.fxIZHHUDNOw.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfrGzmXz_HbLaR1EWXxedqRfoeg9YQ/ 213 KB
74 KB 86ms
24ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.de.fxIZHHUDNOw.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfrGzmXz_HbLaR1EWXxedqRfoeg9YQ/m=el_main

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.de.fxIZHHUDNOw.O/am=DgY/d=1/rs=AN8SPfoyhdNG4WIuoRie-FaJSU34We0LPw/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b6af6a9d40ea106609f6cd8bba22616762b4937a9b8a415aeb5b37dce55468d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-encoding: gzip
age: 169824
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 18:27:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 18:27:47 GMT
last-modified: Wed, 20 Nov 2024 20:09:58 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="rosetta"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
accept-ranges: bytes
access-control-allow-origin: *
content-length: 75108
x-xss-protection: 0
server: sffe

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4bj0/ Frame E3BE 0
0 76ms
23ms Document
text/html 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fwelcome.us

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K3TTLZS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 191299
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Nov 2024 12:29:52 GMT
expires: Fri, 21 Nov 2025 12:29:52 GMT
last-modified: Tue, 19 Nov 2024 10:38:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 %5B...slug%5D-11da3d1419fc4272.js Show response
welcome.us/_next/static/chunks/pages/ 3 KB
0 0ms
0ms Script
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://welcome.us/_next/static/chunks/pages/%5B...slug%5D-11da3d1419fc4272.js
Requested by: Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 35247e1033411901b164ca291b632b8f31e20df07ebcb3173165f56eeb4754f2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

server: cloudflare
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"df7-1926cb0b508"
age: 1895075
cf-ray: 8e72ee760e1adc9a-FRA
expires: Sun, 23 Nov 2025 17:38:11 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
priority: u=4,i

GET
H3 200 index-40038a0aaa55d39f.js Show response
welcome.us/_next/static/chunks/pages/ 5 KB
0 1ms
1ms Script
application/javascript 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://welcome.us/_next/static/chunks/pages/index-40038a0aaa55d39f.js
Requested by: Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4ad2c7b87069504f8dbddb5036c3e4dd5852e4f1cf05e634613fd891e749b70

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

server: cloudflare
cache-control: public, max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
etag: W/"157e-1926cb0b508"
age: 1899189
cf-ray: 8e72ee760e12dc9a-FRA
expires: Sun, 23 Nov 2025 17:38:11 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 08 Oct 2024 15:12:53 GMT
vary: Accept-Encoding
priority: u=4,i

GET
H3 200 welcome.us.json Show response
script.crazyegg.com/pages/data-scripts/0115/2554/site/ 5 KB
2 KB 77ms
50ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0115/2554/site/welcome.us.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0115/2554.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0800305d09a3606c26599e33571cad405745f813cbc47b4b759dd98e878864e6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

access-control-expose-headers: CE-Version
content-encoding: gzip
cf-cache-status: HIT
age: 102495
alt-svc: h3=":443"; ma=86400
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/json
last-modified: Fri, 22 Nov 2024 13:09:56 GMT
vary: Accept-Encoding
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8e72ee76fe2b3a94-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1937
ce-version: 11.5.323
server: cloudflare

GET
H3 200 490132139543178 Show response
connect.facebook.net/signals/config/ 68 KB
13 KB 181ms
180ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/490132139543178?v=2.9.176&r=stable&domain=welcome.us&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

910e4b6b4b480067fef74cde198491a2c5dce10114b527564d18bf51c916b898

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-ORI0p2RL' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-ORI0p2RL' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=22, rtx=0, c=75, mss=1232, tbw=70915, tp=67, tpl=0, uplat=156, ullat=0
pragma: public
x-fb-debug: 7krpXlypbK7Tr/Mv/GGb/ISF2M+6SqjrRGZ+CJwXYczqo/q0Mke/7TNdaq6FJekqVDZVWqhIg9LEBBUbebRUSQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/581983592/ 5 KB
3 KB 158ms
44ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/581983592/?random=1732383491673&cv=11&fst=1732383491673&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z8850351406za201zb850351406&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwelcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&label=byRqCLvqoeADEOi6wZUC&hn=www.googleadservices.com&frm=0&tiba=Welcome.US%20%7C%20FAQ%3A%20Uniting%20for%20Ukraine%20u4u%20program%20sponsor%20responsibility&value=0&bttype=purchase&npa=1&pscdl=noapi&auid=538139031.1732383492&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-581983592&l=dataLayer&cx=c&gtm=45He4bk0v850351406za200

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

0a0afa64c7a4a3e5e0d6cacea15c3089963d3fcb33bb5fbfe361beb5edcaa365

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 2728
date: Sat, 23 Nov 2024 17:38:11 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 32ms
31ms Image
text/html 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=AW-11164217581&v=3&t=t&pid=1304777462&cv=1&rv=4bk0&tc=8&tag_exp=101925629~102067555~102067808~102077855~102081485&es=1&e=gtm.init_consent&eid=-1&h=Ag&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Sat, 23 Nov 2024 17:38:11 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 31ms
31ms Image
text/html 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=AW-11164217581&v=3&t=t&pid=1304777462&cv=1&rv=4bk0&tc=8&tag_exp=101925629~102067555~102067808~102077855~102081485&es=1&e=gtm.init&eid=0&h=Ag&tr=3ogtadsdatatos.3ogt1pdatav2.1ccdadsfirst.1ccdpreautopii.1ccdemform.1ccdadd1pdata.1ccdadslast&ti=2ogtadsdatatos.2ogt1pdatav2.2ccdadsfirst.2ccdpreautopii.2ccdemform.2ccdadd1pdata.2ccdadslast&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Sat, 23 Nov 2024 17:38:11 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 33ms
32ms Image
text/html 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Sat, 23 Nov 2024 17:38:11 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 33ms
32ms Image
text/html 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Sat, 23 Nov 2024 17:38:11 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 41ms
41ms Image
text/html 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=AW-11164217581&v=3&t=t&pid=1304777462&cv=1&rv=4bk0&tc=8&tag_exp=101925629~102067555~102067808~102077855~102081485&es=1&e=*&eid=6&u=AAAAAAAIAAAAAAAI&h=Ag&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Sat, 23 Nov 2024 17:38:11 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 90ms
35ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-RKEPDQ7P0N&gtm=45je4bk0v886507522z8850351406za200zb850351406&_p=1732383491221&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1880672606.1732383492&ul=de-de&are=1&frm=0&pscdl=noapi&_geo=1&_rdi=1&_s=1&sid=1732383491&sct=1&seg=0&dl=https%3A%2F%2Fwelcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&dt=Welcome.US%20%7C%20FAQ%3A%20Uniting%20for%20Ukraine%20u4u%20program%20sponsor%20responsibility&en=page_view&_fv=1&_nsi=1&_ss=1&ep.path_clean=welcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&ep.website_section=welcome.us%2Fexplainers&tfd=2300
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RKEPDQ7P0N&l=dataLayer&cx=c&gtm=45He4bk0v850351406za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://welcome.us
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 77ms
35ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-RKEPDQ7P0N&gtm=45je4bk0v886507522za200zb850351406&_p=1732383491221&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1880672606.1732383492&ul=de-de&are=1&frm=0&pscdl=noapi&_geo=1&_rdi=1&sid=1732383491&sct=1&seg=0&dl=https%3A%2F%2Fwelcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&dt=Welcome.US%20%7C%20FAQ%3A%20Uniting%20for%20Ukraine%20u4u%20program%20sponsor%20responsibility&_s=2&tfd=2314
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RKEPDQ7P0N&l=dataLayer&cx=c&gtm=45He4bk0v850351406za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://welcome.us/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://welcome.us
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 1db8eb7ffc8594e42c0729400701d1a8.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 105 KB
36 KB 38ms
37ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/1db8eb7ffc8594e42c0729400701d1a8.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0115/2554.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36fff107db5298724b3acc76f374ab35db4ce90067347613a2ebbcbafd28caa6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 102516
cf-ray: 8e72ee77e9fca067-FRA
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 36609
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: text/javascript
last-modified: Thu, 21 Nov 2024 14:37:57 GMT
vary: Accept-Encoding
server: cloudflare

GET
DATA 200
OK truncated
/ Frame 0382 0
0 Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Content-Type: text/html;charset=UTF-8

GET
H3 200 24px.svg
fonts.gstatic.com/s/i/productlogos/translate/v14/ 6 KB
3 KB 66ms
23ms Image
image/svg+xml 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-encoding: gzip
age: 300464
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 06:10:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 06:10:27 GMT
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3340
x-xss-protection: 0
server: sffe

GET
H3 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
934 B 26ms
25ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

age: 194561
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 11:35:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 11:35:30 GMT
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/png
vary: Origin
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
content-length: 910
x-xss-protection: 0
server: sffe

GET
H3 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 26ms
26ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.26tY-h6gH9w.L.W.O/am=DgY/d=0/rs=AN8SPfowAA8SIQKHJetkAleDuiUL98-5fQ/m=el_main_css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.26tY-h6gH9w.L.W.O/am=DgY/d=0/rs=AN8SPfowAA8SIQKHJetkAleDuiUL98-5fQ/m=el_main_css

Response headers

age: 6687
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
expires: Sun, 23 Nov 2025 15:46:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 23 Nov 2024 15:46:44 GMT
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
content-length: 1842
x-xss-protection: 0
server: sffe

GET
H3

200

/
www.google.de/pagead/1p-conversion/581983592/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/581983592/?random=231974733&cv=11&fst=1732383491673&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z8850351406za201zb850351406&gcd=13l3l3l2l1...
https://www.google.com/pagead/1p-conversion/581983592/?random=231974733&cv=11&fst=1732383491673&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z8850351406za201zb850351406&gcd=13l3l3l2l1l1&dma_cps=syphamo&dm...
https://www.google.de/pagead/1p-conversion/581983592/?random=231974733&cv=11&fst=1732383491673&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z8850351406za201zb850351406&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma...

42 B
64 B

71ms
38ms

Image
image/gif

2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/581983592/?random=231974733&cv=11&fst=1732383491673&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z8850351406za201zb850351406&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwelcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&label=byRqCLvqoeADEOi6wZUC&hn=www.googleadservices.com&frm=0&tiba=Welcome.US%20%7C%20FAQ%3A%20Uniting%20for%20Ukraine%20u4u%20program%20sponsor%20responsibility&value=0&npa=1&pscdl=noapi&auid=538139031.1732383492&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAgilxrECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI9MyTtf_yiQMVKJb9Bx18iSTEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhNodHRwczovL3dlbGNvbWUudXMvQldDaEFJZ0plR3VnWVE1b3YyanRQQjM4azJFaTBBOHRGTGhyeTU1THFDNUNHT3NrLVJSbkRFR3dmV1djOUNMbG9ZV282NktmNlpLanFfUE1iLTJTMVp2TXM&is_vtc=1&cid=CAQSGwCa7L7d5y3dk93rea8lTkgPVzAteLVkJqCIeA&eitems=ChAIgJeGugYQ7P-LjYrNxv8dEh0AYQ-sTWDNr7eF4cFeqkzGPn3KfI9ts1-R0y-P0A&random=3057455180&ipr=y

Protocol

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Sat, 23 Nov 2024 17:38:12 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://www.google.de/pagead/1p-conversion/581983592/?random=231974733&cv=11&fst=1732383491673&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z8850351406za201zb850351406&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwelcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&label=byRqCLvqoeADEOi6wZUC&hn=www.googleadservices.com&frm=0&tiba=Welcome.US%20%7C%20FAQ%3A%20Uniting%20for%20Ukraine%20u4u%20program%20sponsor%20responsibility&value=0&npa=1&pscdl=noapi&auid=538139031.1732383492&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAgilxrECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI9MyTtf_yiQMVKJb9Bx18iSTEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhNodHRwczovL3dlbGNvbWUudXMvQldDaEFJZ0plR3VnWVE1b3YyanRQQjM4azJFaTBBOHRGTGhyeTU1THFDNUNHT3NrLVJSbkRFR3dmV1djOUNMbG9ZV282NktmNlpLanFfUE1iLTJTMVp2TXM&is_vtc=1&cid=CAQSGwCa7L7d5y3dk93rea8lTkgPVzAteLVkJqCIeA&eitems=ChAIgJeGugYQ7P-LjYrNxv8dEh0AYQ-sTWDNr7eF4cFeqkzGPn3KfI9ts1-R0y-P0A&random=3057455180&ipr=y
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Sat, 23 Nov 2024 17:38:11 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.facebook.com/tr/ 0
19 B 54ms
26ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=490132139543178&ev=PageView&dl=https%3A%2F%2Fwelcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&rl=&if=false&ts=1732383491896&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12318&fbp=fb.1.1732383491894.195680199990353828&ler=empty&cdl=API_unavailable&it=1732383491655&coo=false&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=23, mss=1232, tbw=4508, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
198 B 214ms
186ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=490132139543178&ev=PageView&dl=https%3A%2F%2Fwelcome.us%2Fexplainers%2Fsponsor-faqs-for-ukrainians&rl=&if=false&ts=1732383491896&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12318&fbp=fb.1.1732383491894.195680199990353828&ler=empty&cdl=API_unavailable&it=1732383491655&coo=false&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7440530438458408495"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 23 Nov 2024 17:38:12 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7440530438458408495", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: N51IhgPWan5A5cTsv6TLCihKBcfdo3FUUQgm8ZyabD78AYFZdcQwhoxbkkFgU3jEqAx54zJ9cwlRqu4NTzVTtw==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=23, mss=1232, tbw=4876, tp=13, tpl=0, uplat=163, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 who-we-are.json Show response
welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/ 12 KB
3 KB 135ms
134ms Fetch
application/json 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/who-we-are.json?slug=who-we-are

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c368066031ccb9ccdc0fa89e061428507cfd9a4633f30b522d1fdbf59d4ccd76

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

x-nextjs-data: 1
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: s-maxage=5, stale-while-revalidate
content-encoding: gzip
cf-cache-status: DYNAMIC
x-nextjs-matched-path: /en/[...slug]
etag: "aaxaxeco3w952"
cf-ray: 8e72ee787df8dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-nextjs-cache: STALE
date: Sat, 23 Nov 2024 17:38:12 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 200 become-a-sponsor.json Show response
welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/ 18 KB
5 KB 772ms
771ms Fetch
application/json 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/become-a-sponsor.json?slug=become-a-sponsor

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

528f0593bfb15c28caa0bb0bcc90385df96c59b29736b16a004c867d312fc612

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

x-nextjs-data: 1
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: s-maxage=5, stale-while-revalidate
content-encoding: gzip
cf-cache-status: DYNAMIC
x-nextjs-matched-path: /en/[...slug]
etag: "6jidi65wjae0q"
cf-ray: 8e72ee788e15dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-nextjs-cache: STALE
date: Sat, 23 Nov 2024 17:38:12 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 404 get-involved.json Show response
welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/ 17 B
259 B 144ms
143ms Fetch 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/get-involved.json?slug=get-involved

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f606b61e336e349089e6326cb3a79cf3939fd12adb44fb918b6ca5bc1492ac0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

x-nextjs-data: 1
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: s-maxage=31536000, stale-while-revalidate
cf-cache-status: DYNAMIC
x-nextjs-matched-path: /en/[...slug]
cf-ray: 8e72ee788e1ddc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-nextjs-cache: HIT
date: Sat, 23 Nov 2024 17:38:12 GMT
server: cloudflare
priority: u=1,i

GET
H3 200 resources.json Show response
welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/ 12 KB
3 KB 151ms
150ms Fetch
application/json 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/resources.json?slug=resources

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

593f761b4cf40c193075395e716ba220664c77d2622179740eccb134866b9663

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

x-nextjs-data: 1
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: s-maxage=5, stale-while-revalidate
content-encoding: gzip
cf-cache-status: DYNAMIC
x-nextjs-matched-path: /en/[...slug]
etag: "88466suxp99o"
cf-ray: 8e72ee788e20dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-nextjs-cache: STALE
date: Sat, 23 Nov 2024 17:38:12 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 200 news-and-stories.json Show response
welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/ 67 KB
19 KB 155ms
154ms Fetch
application/json 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/news-and-stories.json?slug=news-and-stories

Requested by

Host: welcome.us
URL: https://welcome.us/_next/static/chunks/main-959f6b95aa5205a7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8859836535a378c081e0a9c8c42495ea4687181ac27b73c2b7905f5c7b17d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

x-nextjs-data: 1
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians
purpose: prefetch
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: s-maxage=5, stale-while-revalidate
content-encoding: gzip
cf-cache-status: DYNAMIC
x-nextjs-matched-path: /en/[...slug]
etag: "sykar9vjym1go7"
cf-ray: 8e72ee788e26dc9a-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-nextjs-cache: STALE
date: Sat, 23 Nov 2024 17:38:12 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 200 welcome.us.json Show response
script.crazyegg.com/pages/data-scripts/0115/2554/sampling/ 156 B
361 B 38ms
37ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0115/2554/sampling/welcome.us.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1db8eb7ffc8594e42c0729400701d1a8.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 406cff5992c46127588afe8ed88a7ccfc9e0961b3f4cf1296b847e85b2201340

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

access-control-expose-headers: CE-Version
content-encoding: gzip
cf-cache-status: HIT
age: 71791
alt-svc: h3=":443"; ma=86400
date: Sat, 23 Nov 2024 17:38:11 GMT
content-type: application/json
last-modified: Fri, 22 Nov 2024 21:41:40 GMT
vary: Accept-Encoding
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8e72ee78b82d3a94-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 147
ce-version: 11.5.323
server: cloudflare

GET
H3 200 image
welcome.us/_next/ 36 KB
36 KB 144ms
143ms Image
image/webp 2606:4700::6812:12d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://welcome.us/_next/image?url=https%3A%2F%2Fassets.welcome.us%2Fprd%2FFooter_Signup_052ab90e23.jpg&w=1200&q=75

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:12d3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0dfea1742b15b22620d61ceee995b7d910a4c17df50a718f97e9813eb735b03d

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/explainers/sponsor-faqs-for-ukrainians

Response headers

cf-cache-status: DYNAMIC
etag: Df6hdCsVsiYg1hzu6ZW32RCkwX31CnGPl+mBPrc1sD0=
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 23 Nov 2024 17:38:12 GMT
content-type: image/webp
vary: Accept
content-disposition: inline; filename="Footer_Signup_052ab90e23.webp"
priority: u=3,i
strict-transport-security: max-age=15724800; includeSubDomains
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
cache-control: public, max-age=1200, must-revalidate
cf-ray: 8e72ee78ffacdc9a-FRA
content-length: 36838
x-nextjs-cache: HIT
server: cloudflare

OPTIONS
H2 204 clock
tracking.crazyegg.com/ Frame 0
0 198ms
79ms Preflight 54.155.98.249
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?u=1152554&st=413305&t=1732383491995&tk=dc2da2a86b07377213d1d2101d88443e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.98.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-98-249.eu-west-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://welcome.us
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Authorization,Content-Type,Access-Control-Allow-Origin,Access-Control-Allow-Methods
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public, max-age=86400
date: Sat, 23 Nov 2024 17:38:12 GMT
server: awselb/2.0
vary: Access-Control-Request-Headers, Origin, Access-Control-Request-Method

POST
H2 200 clock Show response
tracking.crazyegg.com/ 39 B
145 B 94ms
93ms XHR
text/plain 54.155.98.249
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?u=1152554&st=413305&t=1732383491995&tk=dc2da2a86b07377213d1d2101d88443e
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1db8eb7ffc8594e42c0729400701d1a8.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.98.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-98-249.eu-west-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: fc48e7fdcc3c7706b461345881445ff696e41b1a964204e7458ddb666ae274f9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/json
Referer: https://welcome.us/

Response headers

cache-control: no-store
access-control-allow-origin: *
content-length: 39
date: Sat, 23 Nov 2024 17:38:12 GMT
content-type: text/plain
server: awselb/2.0

GET
H2 200 healthcheck Show response
pagestates-tracking.crazyegg.com/ 19 B
463 B 86ms
23ms XHR
application/json 13.35.58.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pagestates-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1db8eb7ffc8594e42c0729400701d1a8.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.58.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-58-128.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Access-Control-Allow-Origin
etag: "d06f04fccf68d0b228a5923187ce1afd"
age: 5307738
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: GntBHKN2-oMdjvNf-6RZLnn1s3qrtMMFw9iHBhgFDIJfwQBxCJLzjg==
date: Mon, 23 Sep 2024 07:15:55 GMT
content-type: application/json
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
via: 1.1 0679859c01a1d918f3fb77e42174ecf8.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19
x-amz-cf-pop: FRA60-P10
server: AmazonS3

GET
H2 200 healthcheck Show response
assets-tracking.crazyegg.com/ 19 B
463 B 83ms
23ms XHR
application/json 18.66.122.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/1db8eb7ffc8594e42c0729400701d1a8.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-72.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://welcome.us/

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Access-Control-Allow-Origin
etag: "d06f04fccf68d0b228a5923187ce1afd"
age: 29348084
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: UBUYK_aMSQiXRPBbQurx96Oe0S1Td0PunZKTSWDlmjdeWGW4Z8HBew==
date: Wed, 20 Dec 2023 01:23:29 GMT
content-type: application/json
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
via: 1.1 5ddb18e15e6b0ed6114111e515bddc66.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19
x-amz-cf-pop: FRA60-P2
server: AmazonS3

GET 77281969-e923-4c73-ae0a-457111e4e332
https://welcome.us/ Frame 0
0

GET 8fa524b5-9130-4b13-9690-e02dcedfe17a
https://welcome.us/ Frame 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: welcome.us
URL: blob:https://welcome.us/77281969-e923-4c73-ae0a-457111e4e332

Domain: welcome.us
URL: blob:https://welcome.us/8fa524b5-9130-4b13-9690-e02dcedfe17a

Verdicts & Comments Add Verdict or Comment

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.welcome.us/	1970-01-21 09:58:39	Name: cf_clearance Value: FBrv.iWXnJqpbJON0tmCt7vIEgJl2hkGL.NFPUszX20-1732383491-1.2.1.1-aI_E8T2qZ0OZphou0hNIlBIwNInese.xK4mnePa9OSpr4JuMukVUNd9GHAeKdKZBQ_ZcweID5nLKGTiMrBJliqhgSF2C6mxD.IZqxUID9cfm6SOH1mRhpKcsxOVNAXObFl.2zNhEygo_zpNBbhipLA.4jbuHe5S7XizpYdt3CTEyq_Z_ozvGs4B3rbc0KCMnK5Nd2eK44f9Z35b3asjSuTBtw9S_WQRawzyqfyNiSfyt1rzRmVTD9AyRlylG2QkfXRbMszhVfgwKE7zN2Wa2ypOXg9ukMo.2sd9zKa7ulho7udbqMOVmRH0MyBd00MML4wmfWiM9IqmLPn28r.asVoZ0zt8SdnzsnSxVvjaajGZOsleYbzBHazaiQ518F440
.welcome.us/	1970-01-21 03:22:39	Name: _gcl_au Value: 1.1.538139031.1732383492
.welcome.us/	1970-01-21 10:49:03	Name: _ga Value: GA1.1.1880672606.1732383492
.welcome.us/	1970-01-21 10:49:03	Name: _ga_RKEPDQ7P0N Value: GS1.1.1732383491.1.0.1732383491.0.0.0
.welcome.us/	1970-01-21 03:22:39	Name: _fbp Value: fb.1.1732383491894.195680199990353828
.doubleclick.net/	1970-01-21 01:13:04	Name: test_cookie Value: CheckForPermission
.welcome.us/	1969-12-31 23:59:59	Name: cebs Value: 1
.welcome.us/	1970-01-21 01:14:29	Name: _ce.clock_data Value: 48%2C84.19.175.183%2C1%2Ce70c069864ec1ceef7523c2cc9b41fcd%2CChrome%2CDE
.welcome.us/	1969-12-31 23:59:59	Name: cebsp_ Value: 1
.welcome.us/	1970-01-21 09:58:39	Name: _ce.s Value: v~c2af586578eb3e27b942fb6fb604c096acc89950~lcw~1732383492296~vir~new~lva~1732383491993~vpv~0~v11.fhb~1732383492295~v11.lhb~1732383492295~v11.cs~413305~v11.s~b63c4480-a9c1-11ef-8de9-c5e976d68cb9~lcw~1732383492297

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/explainers/%5Bslug%5D.json?slug=%5Bslug%5D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://welcome.us/_next/data/5x8s8VghkIKE0TblcPaG3/en/get-involved.json?slug=get-involved Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets-tracking.crazyegg.com
communityengagement.cmail20.com
connect.facebook.net
fonts.gstatic.com
googleads.g.doubleclick.net
p.typekit.net
pagestates-tracking.crazyegg.com
region1.google-analytics.com
script.crazyegg.com
tracking.crazyegg.com
translate.google.com
translate.googleapis.com
ukraine.welcome.us
use.typekit.net
welcome.us
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
welcome.us
13.35.58.128
142.250.185.130
18.196.121.95
18.66.122.72
2001:4860:4802:32::36
2606:4700::6812:12d3
2606:4700::6812:13d3
2606:4700::6813:9308
2a00:1450:4001:800::200e
2a00:1450:4001:802::2003
2a00:1450:4001:806::2008
2a00:1450:4001:812::2003
2a00:1450:4001:812::200a
2a00:1450:4001:828::2003
2a00:1450:4001:828::2004
2a00:1450:4001:829::2002
2a02:26f0:3500:5::17d8:4d45
2a02:26f0:3500:5::17d8:4d48
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
54.155.98.249
075e4e81f123a3ae5303cf201901aca31f739294781e949a789bd76460bcbc70
0800305d09a3606c26599e33571cad405745f813cbc47b4b759dd98e878864e6
0a0afa64c7a4a3e5e0d6cacea15c3089963d3fcb33bb5fbfe361beb5edcaa365
0ac6f2f13bbfd7c64f16c24793cc1476e1e44d378bb909bc55cc04258afaf324
0dfea1742b15b22620d61ceee995b7d910a4c17df50a718f97e9813eb735b03d
0fe8cfbb74b3ebf9885834e730c6cf30d9fce8b6eab8a1014cfd1328c8d31632
1047020444e0f9d5830f2d569440909a6aaf61ef5b6db572bc3b9987f4b4f741
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1cd1cca3aebcdd10c33d713a95479909354ddbc5d5ad9761466ac27ea528895d
1d689cf7c58d093673ae29e76731a4784e242e3cf6ee99dc880270c7230e25f4
227d1189146528d8ea1ffc5a8bce4b9237d9a4e0d729e6131808ed69a841daf8
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2cf7a2db20cce4d2064d199f17bfb01d59483b9e77d6a7155d5265d544200312
2dcac4047f716bc02991807013dff48324f753a0fce153a57e5b6383437ba3fc
2f606b61e336e349089e6326cb3a79cf3939fd12adb44fb918b6ca5bc1492ac0
35247e1033411901b164ca291b632b8f31e20df07ebcb3173165f56eeb4754f2
36fff107db5298724b3acc76f374ab35db4ce90067347613a2ebbcbafd28caa6
387c29ec914f74fd435f9f75eda292d48731ec8e18d8d80ce7841455b7bf576c
3934da10239d9c563c02e00436156750fb9de58333523d9a6f1fe74d24780d63
3b168d13e740805e2baa1f3af5c02b6b6bc4ddc18ab7d54e763e9928e3faf9e8
3ee33f442d26cf0296a1e404574eac54d3579569f56d3d05439f85195a9e0aa4
3f8064732678ebc35c0458a571525ce84713317bcc6d586782211943b98f3f2a
406cff5992c46127588afe8ed88a7ccfc9e0961b3f4cf1296b847e85b2201340
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
4f044b9d9cd7350e1798d2630619ba2a1eea8ff27a33d375f6ff30a6b5417698
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
528f0593bfb15c28caa0bb0bcc90385df96c59b29736b16a004c867d312fc612
587b3130ad1cf6e80a96681d8a5e073da17aff2bcf821034109c3baab0e3e0e4
593f761b4cf40c193075395e716ba220664c77d2622179740eccb134866b9663
5b6af6a9d40ea106609f6cd8bba22616762b4937a9b8a415aeb5b37dce55468d
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
648b5846fc2a82ba5bf9c399d419573a9b8110980647b3ca949b8ca93a8579cf
6517c8b45db6d302a765419ae70c84eb23efe142952febc9959674f040a7304a
6f787cca1840e60cf78c030e95ba0bc84167491002df24df9dc34d83e54e245c
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
771696225684dcf410783f763ac7ecd8894910c6487535cc73592411e2516b1f
7a30be72d6b65677c6dd8de6bdd5e13944619924a2caaccf945dd8334720c1db
7e60cf76ae0dd66c45d61be8259078bd28815fdcd9529637b3a8a7b46429cda7
7eeb2be3620db7e47a10d28a2c5dc38b60259691440213d5427e28162bfdf802
82689b283827f22b0ad5d37f09d727f170669c3c2c41730e84f2edea7167c700
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
84a324956518240e24a03553a72578c155b44d2cc82cef179a2f486e4fce8c75
8a9896082a1cac12ecbf74fd4edd001bf13862188fcec4ad6924dc7359f111d9
910e4b6b4b480067fef74cde198491a2c5dce10114b527564d18bf51c916b898
934d6d481f371cc48b46b007bd257052a3b9e8f709fc7cfe19b052b809e31544
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09
ad714fb95a9efeb8fe9bd7d99a576fa924af0b60cad059166a4909d7f21f24cd
b4ad2c7b87069504f8dbddb5036c3e4dd5852e4f1cf05e634613fd891e749b70
bd6b0bbbb04d05af996a0e4427cb01640a44a22d2fa0bda889558ba2db136895
c1bd5620339f8d9f2179bab361a16ad4b78a6a935429b7fb953ad1ed761ca06e
c368066031ccb9ccdc0fa89e061428507cfd9a4633f30b522d1fdbf59d4ccd76
c641bb015f4181b334d8c210ef0dc83ea2419d5e209f1effd0141e73d5f5f984
c759ee753f637afc1d79dee9b6085fcbe1d9ba181ea51b2208819e2a8def19c5
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cdb9a4bed144de7fdb7f0ef79403a068a6bea3de56bb3563d467d48248c6c016
db2d6af6c77b246095cddac80fd4da7423afbedcf1835515e0678eb6d71a4a10
e0873e178670a6de2c62c55be852c50028526f4fb4cdac92b96912325c46ee32
e140d553816664cf517f460bc0fe9b745b5a0bf78444f848a41f81d1dd1e8ab7
e23ccf9109250232b3e0e98b1bb5b47cf15bc3ae3555201a479e5445954f6816
e28a48d4dd179a8a3647a6b611b82fb0ad16092057a66e565da67f74b01aa6c6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e96c5614410258dc049a7f2ead3f708951be966926cd50d62b3083e2f461bd4c
e9c868845bfe5b3bf488c1c436477de885248c4634cc36d08d11240fc9653290
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2cf3ff9bf5ca81db173da7b172254a1252bd9d127983d9769ef594d009673eb
f8859836535a378c081e0a9c8c42495ea4687181ac27b73c2b7905f5c7b17d69
fc48e7fdcc3c7706b461345881445ff696e41b1a964204e7458ddb666ae274f9

welcome.us Open in urlscan Pro 2606:4700::6812:12d3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

83 Requests

95 %HTTPS

76 %IPv6

14 Domains

21 Subdomains

20 IPs

3 Countries

1983 kBTransfer

4819 kBSize

10 Cookies

17 Outgoing links

Page URL History

Redirected requests

83 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

welcome.us Open in urlscan Pro
2606:4700::6812:12d3 Public Scan

Screenshot
Live screenshot

Full Image

83
Requests

95 %
HTTPS

76 %
IPv6

14
Domains

21
Subdomains

20
IPs

3
Countries

1983 kB
Transfer

4819 kB
Size

10
Cookies

83 HTTP transactions
5 data transactions