www.federalpay.org Open in urlscan Pro
2606:4700:20::ac43:4507 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.federalpay.com/
Effective URL:
https://www.federalpay.org/
Submission: On February 16 via automatic, source certstream-suspicious (February 16th 2023, 3:33:00 am UTC) — Scanned from DE

Summary HTTP 244 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 41 IPs in 11 countries across 35 domains to perform 244 HTTP transactions. The main IP is 2606:4700:20::ac43:4507, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.federalpay.org. The Cisco Umbrella rank of the primary domain is 214268.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 15th 2022. Valid for: a year.

This is the only time www.federalpay.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a00:1450:400... 2a00:1450:400d:806::2013	15169 (GOOGLE) (GOOGLE)
20	2606:4700:20:... 2606:4700:20::ac43:4507	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
29	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400d:803::200e	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	157.240.20.19 157.240.20.19	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:806::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0a::9b	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:4e:1... 2620:1ec:4e:1::44	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
20	2a00:1450:400... 2a00:1450:400d:80a::2002	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2 6	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:806::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:802::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:808::2002	15169 (GOOGLE) (GOOGLE)
4	52.184.204.244 52.184.204.244	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
31	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:400d:80c::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:80c::200a	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	52.58.82.235 52.58.82.235	16509 (AMAZON-02) (AMAZON-02)
5 19	142.250.180.194 142.250.180.194	15169 (GOOGLE) (GOOGLE)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2 2	216.52.2.6 216.52.2.6	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1 1	2600:9000:211... 2600:9000:211a:c800:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
2 3	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
1 2	23.203.125.36 23.203.125.36	16625 (AKAMAI-AS) (AKAMAI-AS)
22	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 5	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 4	185.89.211.84 185.89.211.84	29990 (ASN-APPNEX) (ASN-APPNEX)
4	2a02:2638:1::17 2a02:2638:1::17	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
17	2a02:2638::c 2a02:2638::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	54.155.214.228 54.155.214.228	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
1 1	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2a05:d018:d29... 2a05:d018:d29:3605:65c:856d:c47c:cddd	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.181 213.155.156.181	1299 (TWELVE99 ...) (TWELVE99 Arelion)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
3	142.250.201.194 142.250.201.194	15169 (GOOGLE) (GOOGLE)
4	2600:9000:214... 2600:9000:214f:ca00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:1f18:1ac... 2600:1f18:1aca:4280:fb94:9156:e761:3b9e	14618 (AMAZON-AES) (AMAZON-AES)
1 2	20.205.115.81 20.205.115.81	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
244	41

1 2a00:1450:400d:806::2013 (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

www.federalpay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2606:4700:20::ac43:4507 (United States)

ASN13335 (CLOUDFLARENET, US)

www.federalpay.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:803::200e (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.20.19 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-frt3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:806::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:4e:1::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:400d:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:806::2002 (Ireland)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:802::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:808::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.184.204.244 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

n.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:400d:80c::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80c::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.82.235 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-82-235.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.180.194 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s33-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.6 (United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211a:c800:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.248.245.213 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.38.120.206 (Hessen, Germany) 2 redirects

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.203.125.36 (Vienna, Austria) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-203-125-36.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.211.84 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:1::17 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a02:2638::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.155.214.228 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-214-228.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.62.186 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:65c:856d:c47c:cddd (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.181 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-181.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.201.194 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s35-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:214f:ca00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f18:1aca:4280:fb94:9156:e761:3b9e (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.205.115.81 (Central, Hong Kong) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:800e:face:b00c:0:2 (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

web.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 tpc.googlesyndication.com — Cisco Umbrella Rank: 137	562 KB
43	criteo.net static.criteo.net — Cisco Umbrella Rank: 630 csm.eu.criteo.net — Cisco Umbrella Rank: 8410 pix.eu.criteo.net — Cisco Umbrella Rank: 8393	220 KB
43	doubleclick.net 5 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 77 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 cm.g.doubleclick.net — Cisco Umbrella Rank: 205 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 313	195 KB
20	federalpay.org www.federalpay.org — Cisco Umbrella Rank: 214268	442 KB
10	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 270	98 KB
10	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 753 static.adsafeprotected.com — Cisco Umbrella Rank: 571 dt.adsafeprotected.com — Cisco Umbrella Rank: 531	104 KB
9	gstatic.com www.gstatic.com	70 KB
9	google.com 3 redirects cse.google.com — Cisco Umbrella Rank: 2697 www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 72	3 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1167 n.clarity.ms — Cisco Umbrella Rank: 7698 c.clarity.ms — Cisco Umbrella Rank: 1651	22 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 183	335 KB
6	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 8334 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 13105 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 12670	103 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 533	4 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 203	4 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	4 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35 region1.google-analytics.com — Cisco Umbrella Rank: 2506	20 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 196	70 KB
3	facebook.com 1 redirects web.facebook.com — Cisco Umbrella Rank: 213 www.facebook.com — Cisco Umbrella Rank: 106	17 KB
3	yahoo.com 3 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 422 ups.analytics.yahoo.com — Cisco Umbrella Rank: 273	1 KB
3	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 712	828 B
3	3lift.com 3 redirects eb2.3lift.com — Cisco Umbrella Rank: 337	1 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 796	136 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 731	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4255	653 B
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1222	458 B
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 591	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 714	2 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 9006	696 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50	116 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 149	88 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 241	740 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 726	718 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 709	437 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 295	265 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 863	608 B
1	federalpay.com 1 redirects www.federalpay.com	131 B
244	35

	Domain	Requested by
31	tpc.googlesyndication.com	googleads.g.doubleclick.net www.federalpay.org tpc.googlesyndication.com pagead2.googlesyndication.com
29	pagead2.googlesyndication.com	www.federalpay.org cdnjs.cloudflare.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
22	static.criteo.net	ads.eu.criteo.com static.criteo.net
20	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.federalpay.org
20	www.federalpay.org	www.federalpay.org cdnjs.cloudflare.com
19	cm.g.doubleclick.net	5 redirects googleads.g.doubleclick.net
17	pix.eu.criteo.net	ads.eu.criteo.com www.federalpay.org
10	s0.2mdn.net	www.federalpay.org s0.2mdn.net googleads.g.doubleclick.net
9	www.gstatic.com	www.federalpay.org googleads.g.doubleclick.net
7	www.googletagservices.com	googleads.g.doubleclick.net
6	www.google.com	2 redirects www.federalpay.org googleads.g.doubleclick.net tpc.googlesyndication.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	dt.adsafeprotected.com	googleads.g.doubleclick.net
4	static.adsafeprotected.com	googleads.g.doubleclick.net srcdoc
4	csm.eu.criteo.net	ads.eu.criteo.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	fonts.googleapis.com	googleads.g.doubleclick.net
4	n.clarity.ms	www.clarity.ms
4	cdnjs.cloudflare.com	www.federalpay.org cdnjs.cloudflare.com
3	googleads4.g.doubleclick.net	www.federalpay.org
3	onetag-sys.com	2 redirects googleads.g.doubleclick.net
3	eb2.3lift.com	3 redirects
2	static.xx.fbcdn.net	www.facebook.com
2	web.facebook.com	1 redirects connect.facebook.net
2	c.clarity.ms	1 redirects
2	ups.analytics.yahoo.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	d5p.de17a.com	2 redirects
2	fw.adsafeprotected.com	1 redirects www.federalpay.org
2	cat.nl.eu.criteo.com	ads.eu.criteo.com
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	ap.lijit.com	2 redirects
2	pm.w55c.net	2 redirects
2	rtb.nl3.eu.criteo.com	googleads.g.doubleclick.net www.federalpay.org
2	ads.eu.criteo.com	googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	region1.google-analytics.com	www.googletagmanager.com
2	www.clarity.ms	www.federalpay.org www.clarity.ms
2	www.google-analytics.com	www.federalpay.org
2	www.googletagmanager.com	www.federalpay.org www.googletagmanager.com
2	connect.facebook.net	www.federalpay.org connect.facebook.net
1	www.facebook.com	connect.facebook.net
1	c.bing.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	um.simpli.fi	1 redirects
1	s.ad.smaato.net	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	cse.google.com	1 redirects
1	www.federalpay.com	1 redirects
244	52

This site contains links to these domains. Also see Links.

Domain
www.opm.gov
www.gsa.gov

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-25` - `2023-02-23`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-22` - `2023-03-26`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-04` - `2023-04-05`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-13` - `2023-04-15`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-19` - `2023-03-24`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-13` - `2023-04-17`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-02-10` - `2023-05-27`	4 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2022-04-10` - `2023-05-08`	a year	crt.sh

This page contains 31 frames:

Primary Page: https://www.federalpay.org/
Frame ID: FEAF44D83169ED12C04362A873530420
Requests: 53 HTTP requests in this frame

Frame: https://www.federalpay.org/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676505600
Frame ID: B99D7BEF09903403C0C1D7A2BB9C5886
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/zrt_lookup.html
Frame ID: 3AB759EDDDDB25674948240396D32039
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&adk=1812271804&adf=3025194257&lmt=1676518368&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fwww.federalpay.org%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518368066&bpp=4&bdt=562&idt=514&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=865048011137&frm=20&pv=2&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=547
Frame ID: AA593610FFB037EFD2AF987AB4FD66FD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=7684466267&adk=3741586606&adf=1864244998&pi=t.ma~as.7684466267&w=351&fwrn=4&fwrnh=100&lmt=1676518368&rafmt=1&format=351x280&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518368070&bpp=2&bdt=567&idt=551&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=686&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=iPoqXCFlN4&p=https%3A//www.federalpay.org&dtd=557
Frame ID: 13C2F91189865313A0296211F79981C8
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js
Frame ID: 140D86AF96B8B575BF36D4CBA109009C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=240&adk=878753706&adf=37175952&pi=t.aa~a.2425355703~rp.2&w=160&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=2&bdt=2910&idt=-M&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280&nras=2&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=JdGU4VfRSY&p=https%3A//www.federalpay.org&dtd=10
Frame ID: 473EAC002E7C211ED6BFB1185A670104
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16
Frame ID: 69D3A0431FC92A0BCED770C13A4EB43B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Frame ID: 88E1FB5873BC06C5FD27D5CF851E31DC
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Frame ID: B14898024D7A322AE9D90765835A6FD8
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Frame ID: 57E0D2B83FA0B7C5DC8B6967B82CC030
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4D4EE8E0F1D24B4B27814B0F3CFE79E7
Requests: 14 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y-2j4AAKUGsIEfDsAA7ff9mBcMxGT5IU4qRtlg&u=%7C8pGZcb0Xuqj30VgiVuQ75WtEusHMY9F862XWd1cyfwE%3D%7C&c1=TEbw32HdmhlTb08vzaRE0-J3aJQULXRb6S19EAZ80X2gBTzv4Dq5xMxb2AiDpyinZYbjjDWoUakj_vOW-2yxcdN9EEMU4bfVZCLg28_9_-efnKkZihT3pj6XXN8eUljhTzIuko3hQWrnn1_NY9n2v4OnprJ7cqbAvnMWiD7zFT4jEc5RF3BsM02_yF1kziRNKiJsKPmqBhHNYKqMM001wbPIkdOgasLegn4kMKcRmbYnF-m5ANxVZ_AmU-8saDouV-l9krW7fSa97alwjrXI5D_RAK96ppDmXRVo-Y0VgPhXebLVsasY21S1GT-X6CpEqx9RE9jZHWd1wUfnsrQewodCiqmnMCKXHKGXWU6GcvpOBqKFtqOQmWwYQG3Y4Kk0_pe6X2IfHoM11yU2ECDyJa3piJoX2bM9oBjPFpJ6lvKDIH5rJKG2ZmGdWvQA80HJLNhUwiEL6Yix7XI5gJ10-8wHGgBCIFmLz42gETnj-E0vk55xuwZHibJzccTYZZmYmFc2GdjT00IB7I2CpzK9vdwL2eWzgYDmD9VsfKztoADwfmP0PJW_zRIvGo1m1JzqrLd9-0jkG1NI2gPJbDmY9gCjPklYYXM_v6tvLPf-587ryzz1qfyUvQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLWcx4KPtY-ugKezhx_AP_767uAPJntKxXNWdkfdwwI23ARABIABglcKmgrAHggEXY2EtcHViLTIyNDQ4NDc2NTU5Mzc4MjnIAQmpAkuQppJW77E-qAMBqgTgAU_Q6CgSVBoaEBayVkA3BmuM6nFyqYqnHYbLfyFTLYjiT66Il3oPo8xYFGNsmFHYItuiY5TsnJCCwija7liX5qP_6QXtH2Z8NZrDliUkJNBLPoRrEbF3NlMIuoOVB4oqQiXtqkv9dNCN8HLWYEtwrv5ITgDsP86eQuWzzLsPlwH5yeKbPOEuVhKBZ8hvQqic4_JlPl9SPIZqIMZSXDJtH0YCd6-PYEA7T1P8di5uVrgeQu-MSj3asC78ySy7Wu86wsydvTMs9SRhgMH2oHGjLi5al4YLJOKW14Yos0N7Vc1ygAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0RVxSffb0eXAnZfPiZ33W0xxCabg%26client%3Dca-pub-2244847655937829%26adurl%3D
Frame ID: 9285D36182C265E0EB1F1521F58BB918
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 70CEBA2FBB3F8FF3A5CC9D6C8922AEF2
Requests: 2 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y-2j4gAHZFIIEerDAAodLErrSgQV5zwOlggMPA&u=%7C9%2Bpza3QQaLdWr0%2FU3kzWvEWLGNRGCwxSWPjQ0N23B6A%3D%7C&c1=TEbw32HdmhlTb08vzaRE0-J3aJQULXRb6S19EAZ80X2gBTzv4Dq5xMxb2AiDpyinZYbjjDWoUalnM-PErbzrhDm9NSv8dviegAVIuycJozGC1Vsh1JFMx0j7JPu3YjhEE-WhM_Uu3omLQ8SSoFoVVXxAtqXrY7IvpnvRWoV0uApFk-rrqtoWUlr19Wkm9NgHnTg_AlU0BFa8Ugt4LSAe7u7V1z8gZnUemxUCOv5HJrHNTCvSuGrbkxqMc2tDckXlq94JoPCKlcL_UokKK648J4jOgJD1HNkFFsQgnONThMhDLGItM4geJPjP7xrNd9Uk2ZZjj7p3xm0d5_chqk0F-6CjnZhR7hGuVXmsZIaYO1YFnicOKpYuiEXgxALhY4jAnqzXwvq6q7K5rF9phgI64Vk0xYxYUU_pkpc9W8Kmc2vT5UqllK_ZdQfv-grtq0r8br5rdmlBKcWjrhSx4aCDOr3cYF3tlk-4pluBA1hq2pJWFR_0aiLqGRV2MyIpGTvo-ayGl5oGGsdmpLuN542V8kdNL91ycVMhgk_GnL9Jm5d3BjN3Fvf1TbN-XNEQVIX75EoiXz6iQ34h0TiCVLL9qc2BCItg0ERXsjYbyfbZlIV2RZVnZ5I8tw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdIuD4qPtY9LIHcPVx_APrLqoqAjJntKxXL3plfdwwI23ARABIABglcKmgrAHggEXY2EtcHViLTIyNDQ4NDc2NTU5Mzc4MjnIAQmpApwopOxR8LE-qAMBqgTmAU_QTTJtDRffA6PIuklCinKur4nNnClbgEOyiPaYF_Z3ibUgqWyvL1rhRZAQ9ldjowiuim9MTZ1MQnoTFvitw4gHljWpiukl86LXsfpVLH5gTEjlvA9s3Jdameg89UP3MJY1Ch2wZCuoqrLsMLn0AyLjvXBexvTS9jzUsynBf1gl7cLTDLwX6Clj5Opdv-PBI5hq7BvOcM_GEuuOC6BjFq7TNpOfkHW53fimPKUHkl6JDdO3RMSWyb0kcCN3nMwjISqXQ_k0HmF_CNtDTiGxUrNvMhGY9g1cqMBWGxtqWuwShc6IW_pWgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2v2YQxOzGpgZPa3RJ0JGnCF5snIA%26client%3Dca-pub-2244847655937829%26adurl%3D
Frame ID: EA73DD5A27FCC613DA41D7078C3C4551
Requests: 20 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 220B19DDFF3E167FA2322B1EE0544761
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js
Frame ID: F678FEA83F8C045214A67B9570F893C0
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E8560AD260D6AF9EA3C96832719267E3
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYiLnOxQEwAQ&v=APEucNWQCj7duTdKJNTo0VPGyRox2A1LYEc1agyBsQiZtB-E5vjopW3cKMtO56Uu1k6u9GXf3jUmZLwuVFoPFPikuaOTl0UyCTO9YQhLC-mAkZa9rNklpxnLJqBZDONzne0ocIYYoPwMBjiyGFQ2aITebTzV2z3MB2sRHWXFB7rPWve4CRRKbRc
Frame ID: 75EE7D7C78F0232211027482063E27DD
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: B4E677963555F33A3B408A07FD3519BC
Requests: 25 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 031578F5CD3471EA4D1E18CECFAF14CA
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1AEC8071638E725A6CD8237248F0F676
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js
Frame ID: 7A4A5625EE6A6A322C3E9AF2C49F77CB
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DD42ED88EBF2608F021D63B9C535AA94
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12786026858647040320/index.html
Frame ID: 962DA04BE9A9F36FAE19579DE770B16D
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 565467424286C367E0954BB9EC4EBB9E
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/passback_320x50.js
Frame ID: CEE4DDA9DC069CBA41AC820A8BD86129
Requests: 2 HTTP requests in this frame

Frame: https://web.facebook.com/v3.3/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df22c718fd52c8e4%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff11f94f8187ccf%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.facebook.com%2Ffederalpay&layout=box_count&locale=en_US&sdk=joey&share=false&show_faces=true&size=large&width=
Frame ID: 07951A8BFBE069E474FCE5DD76D8AF9B
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19a3af271f5e8%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff11f94f8187ccf%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2F&layout=box_count&locale=en_US&sdk=joey&size=large&_rdc=1&_rdr
Frame ID: E153914CC25E816684D2640487DB7C04
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 25C79BA3F3208FF5770006977FE7382E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 872CD3136FF8AAD296F144C2F51309C8
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FederalPay.org - The Civil Employee's Resource

Page URL History Show full URLs

https://www.federalpay.com/ HTTP 301
https://www.federalpay.org/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

244
Requests

92 %
HTTPS

63 %
IPv6

35
Domains

52
Subdomains

41
IPs

11
Countries

2607 kB
Transfer

6735 kB
Size

35
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.opm.gov/
Title: OPM.GOV

Search URL Search Domain Scan URL

URL: https://www.gsa.gov/
Title: General Service Administration

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.federalpay.com/ HTTP 301
https://www.federalpay.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 301
https://www.gstatic.com/prose/brandjs.js

Request Chain 108

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 126

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESENQQmV09rL502_en6V735KA&google_cver=1&google_push=Aa02lx9ustepihyDlECENhFLCENJWzk_gKGbTAOLHpRMQVxELcTg-VPxzUm_oW1AnAP96K-zjnL88ihM9uUQ-Wmc4vhethLxV0HRNQ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESENQQmV09rL502_en6V735KA&google_cver=1&google_push=Aa02lx9ustepihyDlECENhFLCENJWzk_gKGbTAOLHpRMQVxELcTg-VPxzUm_oW1AnAP96K-zjnL88ihM9uUQ-Wmc4vhethLxV0HRNQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R3ZObW5maXMxUHN2MFQ1&google_gid=CAESENQQmV09rL502_en6V735KA&google_cver=1&google_push=Aa02lx9ustepihyDlECENhFLCENJWzk_gKGbTAOLHpRMQVxELcTg-VPxzUm_oW1AnAP96K-zjnL88ihM9uUQ-Wmc4vhethLxV0HRNQ

Request Chain 128

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGopT86WQi6vaHRJiTEfb80&google_cver=1&google_push=Aa02lx8TQP8umvutGCrWRP9VWCOEApp0uhMx4A0NG_koWGLCz4PNSVvs9VwlTrba66QW1kIeGrzcdqZnt3-Sjiijg1odwZ50iAWPNQ HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGopT86WQi6vaHRJiTEfb80&google_cver=1&google_push=Aa02lx8TQP8umvutGCrWRP9VWCOEApp0uhMx4A0NG_koWGLCz4PNSVvs9VwlTrba66QW1kIeGrzcdqZnt3-Sjiijg1odwZ50iAWPNQ&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx8TQP8umvutGCrWRP9VWCOEApp0uhMx4A0NG_koWGLCz4PNSVvs9VwlTrba66QW1kIeGrzcdqZnt3-Sjiijg1odwZ50iAWPNQ&google_hm=GKgUqGZHV_RDGQ5cQ_G1Gg60

Request Chain 129

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESENJFPuZaJwemxS9y9TQRO-8&google_cver=1&google_push=Aa02lx_1Dx5PvWH447B-X39fuTt7N28IHVWI6vl8ZdkBvC5tqIDDFqB31j1OnSSy3NepL47WKvh6AAUwO4cUvMcurjp3sVJ1yRqC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx_1Dx5PvWH447B-X39fuTt7N28IHVWI6vl8ZdkBvC5tqIDDFqB31j1OnSSy3NepL47WKvh6AAUwO4cUvMcurjp3sVJ1yRqC

Request Chain 130

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMBAutadcS6Ne16fC9ImWxc&google_cver=1&google_push=Aa02lx-42w-_7nnnXRKZzEPWY9iYHeHHMKOA7-EqCn4PxUAjtA0OhazZPZwoOt8FqjHu4zlwgTY0vIBi6MvSuTTbMHlRjUs-37Czng HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aa02lx-42w-_7nnnXRKZzEPWY9iYHeHHMKOA7-EqCn4PxUAjtA0OhazZPZwoOt8FqjHu4zlwgTY0vIBi6MvSuTTbMHlRjUs-37Czng&google_gid=CAESEMBAutadcS6Ne16fC9ImWxc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjM4ODExMDIwMTU0NTYzOTU4OTI5Mg%3D%3D&google_push=Aa02lx-42w-_7nnnXRKZzEPWY9iYHeHHMKOA7-EqCn4PxUAjtA0OhazZPZwoOt8FqjHu4zlwgTY0vIBi6MvSuTTbMHlRjUs-37Czng

Request Chain 131

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEF34nQtsyEMm3qzqS_dgqUw&google_cver=1&google_push=Aa02lx9s1PklXzXY99AFdGXOxcHY2CYFioVXz49nka1RML-26hNmz1M4-hLrHI_1xAYRjP3k8qtJlwmBBSY9Bzz7oCevZDbcBIenlgY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx9s1PklXzXY99AFdGXOxcHY2CYFioVXz49nka1RML-26hNmz1M4-hLrHI_1xAYRjP3k8qtJlwmBBSY9Bzz7oCevZDbcBIenlgY HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 132

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESENGnPHUlH9fl8NnEPsWYhQ8&google_cver=1&google_push=Aa02lx83DQBxi_xAbXR-il2R16CU7mU6oDMDbgnC2bWLuxVPjhNXt_u9Yi8J0YqMoqrJG2otNhMuJhIWWRtCCE1z-G7jjkmlhbawsMA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aa02lx83DQBxi_xAbXR-il2R16CU7mU6oDMDbgnC2bWLuxVPjhNXt_u9Yi8J0YqMoqrJG2otNhMuJhIWWRtCCE1z-G7jjkmlhbawsMA HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 140

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFll475A6q9k5o_hjwkep2c&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFll475A6q9k5o_hjwkep2c&google_cver=1&C=1

Request Chain 141

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.2j4-YQKWi9HBBPCQgDjwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFll475A6q9k5o_hjwkep2c&google_cver=1&google_hm=2

Request Chain 142

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEAzNZMUlkj1aGOUNRtXPxTk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAzNZMUlkj1aGOUNRtXPxTk%26google_cver%3D1

Request Chain 143

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE1MDgyODY3OTQzNjA3NDgyMg%3D%3D

Request Chain 158

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 179

https://um.simpli.fi/gp_match?google_gid=CAESEEYJS82gmg2uafoecG6ce3k&google_cver=1&google_push=Aa02lx_XKPE7LONADxr-vM33nGMKB-q2W32JTy8BHSqzdYhvoUKmYlUwp0sVdkeHdbxniduD_TtOMkRGabMDWP-f0a0dAexBjFFX2YNH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C2B81DC2A85B4F49AEAF587C22DEB35B&google_push=Aa02lx_XKPE7LONADxr-vM33nGMKB-q2W32JTy8BHSqzdYhvoUKmYlUwp0sVdkeHdbxniduD_TtOMkRGabMDWP-f0a0dAexBjFFX2YNH

Request Chain 180

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESED6VyicbYwmPqZwctLCWJtY&google_cver=1&google_push=Aa02lx83BrAsEBmftEZRpLroJP9HgufhqdW_IOImuUnWJKnL8EPyp0qIGDHYthozo7lSMcMNVVbLPmxTMbGhJp-BHIk8qp74kBBP_5qt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx83BrAsEBmftEZRpLroJP9HgufhqdW_IOImuUnWJKnL8EPyp0qIGDHYthozo7lSMcMNVVbLPmxTMbGhJp-BHIk8qp74kBBP_5qt&google_hm=eS1NZ1VJZ214RTJwRTBzemJtMDJ0ZzF6YnhtMXByZkNIaH5B

Request Chain 181

https://d5p.de17a.com/cookies/google?google_gid=CAESEKh_qsfEdJCaKgM7SYbh7Kg&google_cver=1&google_push=Aa02lx9W_hfW16pyFP5pAhcQC-CC6fTOiLpnoFEu90bzqfhpsVmlcWiOhcqi6wltcWC-X6mXPSwWmzCJjzq1xHUbo4v76-3GjFj6pXo HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEKh_qsfEdJCaKgM7SYbh7Kg&google_cver=1&google_push=Aa02lx9W_hfW16pyFP5pAhcQC-CC6fTOiLpnoFEu90bzqfhpsVmlcWiOhcqi6wltcWC-X6mXPSwWmzCJjzq1xHUbo4v76-3GjFj6pXo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9W_hfW16pyFP5pAhcQC-CC6fTOiLpnoFEu90bzqfhpsVmlcWiOhcqi6wltcWC-X6mXPSwWmzCJjzq1xHUbo4v76-3GjFj6pXo

Request Chain 182

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBnrgUvlShIYC8-gqTr9x9g&google_cver=1&google_push=Aa02lx-cPL6yOSOWT0TGco7lD5Av2kyh1Xlt5MtZgBvyLoqgVWBSAFCSGXZg4ex_Xy-inv8DliwG8-jJAzI72i9ww0pW6tZsIijNnNEj HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBnrgUvlShIYC8-gqTr9x9g&google_cver=1&google_push=Aa02lx-cPL6yOSOWT0TGco7lD5Av2kyh1Xlt5MtZgBvyLoqgVWBSAFCSGXZg4ex_Xy-inv8DliwG8-jJAzI72i9ww0pW6tZsIijNnNEj&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vDqVTuD6SIqVnV5vt5ZwYg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx-cPL6yOSOWT0TGco7lD5Av2kyh1Xlt5MtZgBvyLoqgVWBSAFCSGXZg4ex_Xy-inv8DliwG8-jJAzI72i9ww0pW6tZsIijNnNEj

Request Chain 183

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEF34nQtsyEMm3qzqS_dgqUw&google_cver=1&google_push=Aa02lx8INwlTKH9ShtWpBEw3BEviYxFPL85Y013hEx236h-NHUtCSVTtVjtiHK1z7ymuKNzdXG4xSIk82esms624yJ78OK6_orW-cAs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8INwlTKH9ShtWpBEw3BEviYxFPL85Y013hEx236h-NHUtCSVTtVjtiHK1z7ymuKNzdXG4xSIk82esms624yJ78OK6_orW-cAs

Request Chain 184

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMBAutadcS6Ne16fC9ImWxc&google_cver=1&google_push=Aa02lx_aOW2QcJc4E5zWonCVae1m0XxexlBMpKe_WFT_r7mvuZyo6MBGJKB_Zishqzd0i8v24hc-zScJqxdm2aASAIvwRNkYMdrS9x6P HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjM4ODExMDIwMTU0NTYzOTU4OTI5Mg%3D%3D&google_push=Aa02lx_aOW2QcJc4E5zWonCVae1m0XxexlBMpKe_WFT_r7mvuZyo6MBGJKB_Zishqzd0i8v24hc-zScJqxdm2aASAIvwRNkYMdrS9x6P

Request Chain 185

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHDXndz5HRuurPCSFWADi1U&google_cver=1&google_push=Aa02lx-fK7Xwcf4XpSfHby7XTQgXZlKUpUHv9Apkj_ALVHVL5bEue297xcktb6yZGQ0PMoEcnJ_ZnEKxRYR-dFrc5_-fUJhQakiGLzESXg HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHDXndz5HRuurPCSFWADi1U&google_cver=1&google_push=Aa02lx-fK7Xwcf4XpSfHby7XTQgXZlKUpUHv9Apkj_ALVHVL5bEue297xcktb6yZGQ0PMoEcnJ_ZnEKxRYR-dFrc5_-fUJhQakiGLzESXg&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1XakhDUUZKRTJ1RVFORXgwMXE3cTVoMW9LNHhjdHRXWn5B&google_push=Aa02lx-fK7Xwcf4XpSfHby7XTQgXZlKUpUHv9Apkj_ALVHVL5bEue297xcktb6yZGQ0PMoEcnJ_ZnEKxRYR-dFrc5_-fUJhQakiGLzESXg

Request Chain 210

https://fw.adsafeprotected.com/rfw/st/990511/61634094/4.js?ias_dspID=3&ias_campId=1010147412&ias_pubId=pub-2244847655937829&ias_chanId=1&ias_placementId=19422215943&bidurl=https://www.federalpay.org/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0h6wqJv4MI7OyhIdDDq-1yr&adContainerId=brand_safety_46PtY93OCOyOjuwP7vmtuAM&cbFunctionName=goog_wrapCb_46PtY93OCOyOjuwP7vmtuAM&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_320x50.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwww.federalpay.org&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.federalpay.org%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2244847655937829%26output%3Dhtml%26h%3D50%26adk%3D2997668557%26adf%3D860136868%26pi%3Dt.aa~a.3239500717~rp.4%26w%3D351%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1676518370%26rafmt%3D1%26to%3Dqs%26pwprc%3D9502040090%26format%3D351x50%26url%3Dhttps%253A%252F%252Fwww.federalpay.org%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1676518370414%26bpp%3D1%26bdt%3D2910%26idt%3D1%26shv%3Dr20230213%26mjsv%3Dm202302090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D7f8ca04c350b8f1a-2281f21094dc00e6%253AT%253D1676518368%253ART%253D1676518368%253AS%253DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w%26gpic%3DUID%253D00000bb749611ba5%253AT%253D1676518368%253ART%253D1676518368%253AS%253DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A%26prev_fmts%3D0x0%252C351x280%252C160x240%26nras%3D3%26correlator%3D865048011137%26frm%3D20%26pv%3D1%26ga_vid%3D281542447.1676518368%26ga_sid%3D1676518369%26ga_hid%3D854849690%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D986%26ady%3D1353%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C42531706%252C31071755%252C31072427%26oid%3D2%26psts%3DAD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM%26pvsid%3D1868356005816880%26tmod%3D1344490217%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D5%26uci%3Da!5%26btvi%3D2%26fsb%3D1%26xpc%3DDDNizXr60w%26p%3Dhttps%253A%2F%2Fwww.federalpay.org%26dtd%3D16&adsafe_type=bed&adsafe_jsinfo=,id:ce9b26c8-d2a7-8b41-e0f4-ab439a7dd90c,c:4lPLxJ,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-69f5898b7f-rbqxj,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:sp,cc:0.0.320.50,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:2,mot:0,app:0,maw:0,fm:tvZGewN+11%7C12%7C13%7C141%7C151%7C152%7C161*.990511-61634094%7C1611%7C1612%7C1613%7C1614%7C1711%7C1712%7C181%7C191%7C1a1,idMap:161*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:22,oid:978bf29e-adaa-11ed-bc15-1ab6c11dd2f9,v:19.8.394,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

Request Chain 233

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=4BDDD2BA333B4A82AC410B765ED80611&RedC=c.clarity.ms&MXFR=2C5BB4D42E1D626B02F4A66E2A1D6C89 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4BDDD2BA333B4A82AC410B765ED80611&MUID=22A41CA9C25E610207EE0E13C3D560D4

Request Chain 235

https://web.facebook.com/v3.3/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19a3af271f5e8%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff11f94f8187ccf%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2F&layout=box_count&locale=en_US&sdk=joey&size=large HTTP 302
https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19a3af271f5e8%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff11f94f8187ccf%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2F&layout=box_count&locale=en_US&sdk=joey&size=large&_rdc=1&_rdr

244 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.federalpay.org/
Redirect Chain

https://www.federalpay.com/
https://www.federalpay.org/

21 KB
7 KB

509ms
256ms

Document
text/html

2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5de77c6701eb667f708a0159a645cc214e64dc3d99a4acc3b5708aac0746baae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 79a337d36eff37de-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 16 Feb 2023 03:32:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LQ38MIGClEeslbxAgPMNhTRMs2vWyWwqVqHbLAB6FeHzBammTToNNpyd9HXXKq5p5bS%2B6NczJQIT4Xwwxc3ny9c7XCLtrBpo5VjB3aP%2BirFdWyxj9tTtQ5Pn2UHVu69zyGH3udRPr7wu4RAwEDD16Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

content-length: 224
content-type: text/html; charset=UTF-8
date: Thu, 16 Feb 2023 03:32:46 GMT
location: https://www.federalpay.org/
server: ghs
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/ 118 KB
16 KB 135ms
48ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 108862
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16098
last-modified: Mon, 04 May 2020 16:17:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04010-1d9ac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVKhY4p5NwI71z%2FuQz9X4Dm8PdSRGMq2uGQDSZ%2FnuFNwh1ixEalE1l%2F0Jl4YyjHdKjca7Ubi7Ahe38ymjsrAhGZBokrMRDH41mGRTfUqKbx7ffXI%2FEm4xFnXpMnjPr4uPLYp6TUJQYZXYra1Uq3c2q%2B3"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79a337d5998a3605-FRA
expires: Tue, 06 Feb 2024 03:32:47 GMT

GET
H2 200 styles.css
www.federalpay.org/resources/css/ 11 KB
3 KB 250ms
248ms Stylesheet
text/css 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.federalpay.org/resources/css/styles.css?v=2019-10-19

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6c4922a766f43438bc1e22b0eb827608b136f914b07895ef58dbebbb18d30c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=14936
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: W/"605182f4-3a58"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NGN%2FuFS6KpWQ0GiuJIUNSiMul20kGuYx3CQF5bOZcr%2BQB3m62i6concx88RamrxHh1V8vXRc%2FiVUbyFRwOjZha1Hp1j72nNAvKyxmGCgCsu5W580b7itJp5pHP1ZUBjYRIhUxbNv8mdSjFYz%2FAi7iA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2678400
cf-ray: 79a337d5080337de-FRA

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/ 82 KB
26 KB 141ms
54ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0d4098bc8b34c6f87a3d7723988ae81214a53a0bb4a1d4d36a67640f98ed079

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1084863
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 26657
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-14938"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=43ZWKJ89onN7Cp2UsRt9gzUPZueVrbrZqdDJHK02NcO%2Bks%2F9OO9b2riFulBlyRIJbzco0SPtTaSjucUIOtIwTVDbcQi%2FkuzKoErgO7YwIzsyq5IaL4aa6xcXC%2Ftsaij%2FdFDK0Rdeob5qpdpDKC8GpeCh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79a337d5998b3605-FRA
expires: Tue, 06 Feb 2024 03:32:47 GMT

GET
H2 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/ 36 KB
9 KB 137ms
50ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/bootstrap.min.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1289681
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8654
last-modified: Mon, 04 May 2020 16:17:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04010-9004"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AhZDrohdxd%2BlElY0wbXrz9lr%2BPbs%2FOMoht6DbRfudGHeOeMmaLem9Zjj9qLfiEieeNX1PS6SmiWe0U%2FtuHLhCCqPG9sin8PUxwIdP%2FCF%2BJlEAH0YMmmUFw4HZdRlcP0woCU2a9%2BNwXWmqC8wPTkp7Yux"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79a337d5998c3605-FRA
expires: Tue, 06 Feb 2024 03:32:47 GMT

GET
H3 200 global.js Show response
www.federalpay.org/resources/js/ 3 KB
2 KB 228ms
226ms Script
application/javascript 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.federalpay.org/resources/js/global.js?v=0.2.2

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

943183889713daa24baaf124084e45f92a1912b81130c6383eb03dffeb554293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=4017
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: W/"605182f4-fb1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SF6i2vrEEs9YSEMY1c4H4HZTehiSZh066fYsKgF%2Fk5tb01%2Fx6AhPaO%2FyVW3BFVUl81ZKj3yB7f5lO005cV6IIxaV0uOjMpwHeQdoXwEmFOpvfsmYenNhACB9Mno36dvE71S6PIJf5as%2B5cSsa6yygg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2678400
cf-ray: 79a337d63feb3aa0-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
49 KB 220ms
105ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4bfa7a3417c761325430ed72a1e6acfdc9c7cf772386a5dea0564c6bdad28571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49574
x-xss-protection: 0
server: cafe
etag: 1067434923341735675
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 03:32:47 GMT

GET
H3 200 logo.png
www.federalpay.org/resources/img/ 2 KB
2 KB 286ms
281ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/logo.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef2ead4a9044e784eea668cbb8d2ce9c49908ab2055d2f94c94383225742f05c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:48 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1854
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-73e"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGBRnzGY%2BEiT9I%2F0yLXoVto8dPcWtAvKde2HCXB9SZekPP%2FpIOGapuryNIr18gBzWEw5r%2Bh1L%2FsHFQPk9GEY%2BfaGN4mDBopTahefXasfjtLEBvEwcJ8hP49fXzAbApW46BMuz4Yqu%2FUUg5vxdhXY9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a82d3aa0-FRA

GET
H2

200

brandjs.js Show response
www.gstatic.com/prose/
Redirect Chain

https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
https://www.gstatic.com/prose/brandjs.js

14 KB
6 KB

137ms
41ms

Script
text/javascript

2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/prose/brandjs.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 09:37:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64495
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5807
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 15:14:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Thu, 16 Feb 2023 09:37:53 GMT

Redirect headers

date: Thu, 16 Feb 2023 03:32:48 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
location: https://www.gstatic.com/prose/brandjs.js
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0
expires: Thu, 16 Feb 2023 04:02:48 GMT

GET
H3 200 opm-seal.png
www.federalpay.org/resources/img/ 33 KB
33 KB 229ms
224ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/opm-seal.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4decdb536dce21fc4fbb16e0b1d5a1b3e86c79902e462b74b724c9b8aef4c756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 33448
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-82a8"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iZSEFycbHWBqdNdNzY4N59Ujr8GHBrIPSkWctsCfSsqm%2FlETSKz%2Bgs1rLP0U4HK3ouPsnxtNyvgG7frqgVxQKMjSNVU8oXMKzYsQ6wRMeVRp0LjlG9JHbO%2BX8g8p%2B1mPsDBvR3PJso8puuLvh4XNdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a82e3aa0-FRA

GET
H3 200 logo-red.png
www.federalpay.org/resources/img/ 2 KB
2 KB 405ms
399ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/logo-red.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ab7760fda0c8e4cf6b71829c8c5e7f0bb15827fb9c73dbf64a61ce78a0aeeeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1907
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-773"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0cpkOg7QXVMh28jwmVEv8bSjCwVdnmdvOoY7wXx%2BPOfi8VmAbaKIJYJdCFeAWaAZcsVqaCrclhuum%2FlPHPZM%2B9K5jwMa4TT5M1oyG8CWLfV9MAMAuyj1ACrLxAKZsgTt40ttbSE6WZ6vx6bcdcOdyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a82f3aa0-FRA

GET
H3 200 capitol-building.jpg
www.federalpay.org/resources/img/ 46 KB
47 KB 405ms
400ms Image
image/jpeg 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/capitol-building.jpg

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f8ad4173570e057e22f21d5bd0ceeec8e58c7792a425110eeb85ebd4486e5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 47092
x-xss-protection: 1; mode=block
cf-bgj: h2pri
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-b7f4"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kSoO4WkanZBlcy4Vku%2F7mFyKh0sT8hgMEXI%2B83W%2Fn6h%2FMvZ9ok73AnF5VUh3yClpIR6aX3qLDEIvqYPXQTKc7RKEyWqiym2GaYXyrZ3dOmYw%2Be0nI9RSWgE7JIk%2BZ1EUqlPejNEePCOTE4e2f1CHzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a8303aa0-FRA

GET
H3 200 capitol-building-2.jpg
www.federalpay.org/resources/img/ 171 KB
171 KB 525ms
520ms Image
image/jpeg 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/capitol-building-2.jpg

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5dcac686e5164bd55ca5cdee8e8b253ad4208eff9d8acd7a2947623def87fcc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:48 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 174892
x-xss-protection: 1; mode=block
cf-bgj: h2pri
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-2ab2c"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OXeHwqf0nXOWEHUPWapiMNkW3pxhmV1gItAJIrSrwii8fgpUJaCJq2YVZwcOFLD7qAodo91VNNmbKMyzBS5hCn4An2JuT%2BEG5Lc9RxbiAOmF%2FXOsFAmklAkOb2LyWNbZm2pfXUQ493SB3Bgr9JVASw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a8313aa0-FRA

GET
H3 200 calculators.jpg
www.federalpay.org/resources/img/ 83 KB
84 KB 984ms
979ms Image
image/jpeg 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/calculators.jpg

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6957ee1495fb247d4cf0ca4a1e5e372588df7ad06f8325295e062c545f7e10c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 85010
x-xss-protection: 1; mode=block
cf-bgj: h2pri
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-14c12"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0aOxHYxCatYoMj%2BjeVU949GiGtwssLGjZHt4yzISyppaMsgnE5F4TkmG0KLL2Z0BAuYUCia%2FixgSlWwylZ6lFCD1DG%2FMu1%2Bys8yg2xexJ5Ax9f2dMaZOa438BmzehwcSh3Z2WxOWGz%2BRJR3OUK79rA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a8333aa0-FRA

GET
H3 200 general-schedule-employee.png
www.federalpay.org/resources/img/ 9 KB
10 KB 220ms
215ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/general-schedule-employee.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e43605ca32da904932a2e10a42487bc21d61dbe71524d83aea328d8fb6348c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9645
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-25ad"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zo%2FMYE%2Fb6CAc%2B7MKrU62iAFFvjwThvEZHpC7h7toQiAwJHZZgiPGOdksebnZ6xxHk%2BuqZiDvPcCo0G%2B8cMicSI4PGIcy3cxFEDcRT6oDxBhBbprrbvfPqJ%2BHHTA5qkOGeLTGoPc7kssiXGkggJfc6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a8343aa0-FRA

GET
H3 200 federal-wage-system-employee.png
www.federalpay.org/resources/img/ 7 KB
7 KB 1162ms
1157ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/federal-wage-system-employee.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

865fa3bea1542f724eaa72b2a2ec9af3445570cd6be714f2b585536651d13756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6831
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-1aaf"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bu6hgw9k3egMbpj73NTEjf9ndqP6rslvrhYRORiFMqEGXt52BtpvVRAxhbfNhVuPHGfdFFIyxDFAsSrD7BZFV1fssaWjxV0Z0zWKQYJmfTxW1gqVdg%2F6O5csdBT8GMnLaRPse3c6iCEW87ojxBc4zA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a8353aa0-FRA

GET
H3 200 law-enforcement-officer.png
www.federalpay.org/resources/img/ 8 KB
8 KB 1180ms
1175ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/law-enforcement-officer.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05e3c578cd274123d78787fd820253d4bb2254e09c78507f9752dddbcf62d580

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7733
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-1e35"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MmAInipUFA7djSorRdPtF5nI2v%2B9RUdLs%2FyiCOZ58qVzqjlbeRV7OOtgYSMus15B%2BQ5VMy2wsGZWB%2B3chBeWEQ7Yyk0oRsaNPBeyO%2FGYxRrn5OqocZrwQf%2FxNHaYZRfH6f0%2FIcoq%2BVRCjJkYBE1XFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a8373aa0-FRA

GET
H3 200 senior-executive-service-employee.png
www.federalpay.org/resources/img/ 23 KB
23 KB 1190ms
1184ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/senior-executive-service-employee.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e36e8c67d4dc194c3e39dd2c7da7458cb770be08dc04899482cc57574cfd3f66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23200
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-5aa0"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8u4dceRQAGit2wslupHt96PTtFpMvvjUEnnMgv31nCRA2YOe3EoqfliQ1YziFJdp5D6jhbAzfnFKXaKb1Ut6h4N8wDsZNZfQhyHFxgiBRY3SkLfIuERt0RFrxXpKgxQISrZ3Ds23P0VLio1fsMmhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a83a3aa0-FRA

GET
H3 200 army-officer.png
www.federalpay.org/resources/img/ 7 KB
7 KB 1240ms
1234ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/army-officer.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87b54a8348e6c889fc92235ffb4f3dd186480cf6fa36ba973f9d3cb8e6e0afe3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7063
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-1b97"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1rSOHsCz8e6Fyus3L80vBIQlieIah6XlF86giGggRo7F6UXk%2Ff%2FOgsrFqmoj35wQhSd6Qe5eJMe4daIkOPn39lPmoSfsSEZheYJd0OjH7fI4SJ6gDsoKgNnb8StIM5xGhdaOuGmOOAqtlKl52HR80w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a83c3aa0-FRA

GET
H3 200 external_link.png
www.federalpay.org/resources/img/ 144 B
648 B 1259ms
1254ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/external_link.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a0acd631fd5704e940b9f486d3234aa9ab871881733f48d6edd3cb1f1a09ffc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 144
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-90"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G6Uv0ckqBAU4TVW5r5iblRI6tb0UxATSxEaCIto8UEijZdax4xURAPQ4tttJPJNClouUP0lLZ6qMYDnSCWpoFw5d%2B7xRa9W11oK2j8tRGhYDkmFpgsKvOltt4%2Bnr%2FGPTkSHHxQjoySrD3eRWDDwTCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a83d3aa0-FRA

GET
H3 200 logo-blue-trans.png
www.federalpay.org/resources/img/ 10 KB
10 KB 1259ms
1254ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/logo-blue-trans.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fe6d13fa599e5de72b45ad29add45befb6100f913992b0ba80744b319dd1724

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9890
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
etag: "605182f4-26a2"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XPm3wDMJDPyq2JRdyc8zvJc%2Bg14WwdWlW%2FwFl54B16BwmpB2hyCe9l1%2BScIwqDQgq%2F5VDhuuDFj56W9XHeEDsZ%2Beesi9htejdEtCILOR8YePPcla1NG%2BcAs%2BJgManwwlVOTDKpF7zHYsc%2BNmpN7QRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 79a337d6a8403aa0-FRA

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 595ms
40ms Script
application/x-javascript 157.240.20.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.20.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-frt3.fbcdn.net

Software

Resource Hash

d848596862dc467753be725168bcce54b0b80c5c12443ed32536f5d4d73eacf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.federalpay.org/
Origin: https://www.federalpay.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 03:32:48 GMT
content-md5: u3WhmYg2vBShCLYp4/tFSg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: 4vP6dvl+Ah5S8aP1Wz59sVB/57eTmBW/Hc7s8YSXMXqf1D4x48kyf4lB2EpSwCmnfrtDJvVnyH4mFYm+ZlnJVA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
x-fb-content-md5: 4b846d1de5ed29d9d95a590029fc04ed
cross-origin-opener-policy: same-origin-allow-popups
etag: "9bbae61102edad2f4fc74e0f33b78a5e"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Thu, 16 Feb 2023 03:38:32 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 100 KB
39 KB 196ms
93ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PBK8X4G

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3edbada655bef1b68e54890febd65a1612b96f65a9a2ffbf75df9e55465eaaa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40047
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Feb 2023 03:32:47 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 201ms
55ms Script
text/javascript 2a00:1450:400d:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 03:12:08 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 1239
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Thu, 16 Feb 2023 05:12:08 GMT

GET
H3 200 glyphicons-halflings-regular.woff2
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/fonts/ 18 KB
18 KB 201ms
146ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba3fe63eac33e099b1600d123a80bc075696219926d63f6adc4b9401aad71ca9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css
Origin: https://www.federalpay.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1295258
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18028
last-modified: Mon, 04 May 2020 16:17:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04010-466c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pBH3r0hTKZQd%2F9ZJAU%2Fgg5zxp9Hd%2FCTyt3L2cDtGXvbU62aI%2BiLjtHC41al7bTpLdRuJEYxTFygVdLBoxp3plGKXxQJx3XA%2BLP%2FU%2BqRaNFg5y6on0ZtfwkTpVRy0%2FjBoWwl%2Bt%2BtbDkNRnvMTJQTlggfS"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79a337d74a683a82-FRA
expires: Tue, 06 Feb 2024 03:32:47 GMT

GET
H3 200 invisible.js Show response
www.federalpay.org/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame B99D 34 KB
15 KB 46ms
45ms Script
application/javascript 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.federalpay.org/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676505600
Requested by: Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64e69398cba2d0e3ee4000178b92a31aa2d294a9cbdaca9e41b5d1864088c607

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=msCcoKh%2B6Xa1qOaA%2BpqPAV2Mi6L8w%2FiEC5Q4b3lHFGnY2rHx8jh%2BbX4%2FI811HtS0PvKQpmgRGPQdsSfB%2FGvnLVI2ZZ7TUVonPdeQWRQvMuOdsb%2FzcDf23aWxAAZbWGtx0RFuf%2Br14myVrYVXwZ%2FqKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 79a337d708633aa0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 99 KB
33 KB 96ms
95ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js?_=1676518367762

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c07ec14b8592c8bff8b3af5c670a56f9e86cb8af430429478ca017993c266f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34155
x-xss-protection: 0
server: cafe
etag: 11520518321588488458
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 03:32:47 GMT

POST
H3 200 holiday-banner Show response
www.federalpay.org/ 17 B
494 B 1119ms
1119ms XHR
application/json 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.federalpay.org/holiday-banner

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f8deef6abced6f261a224f33d210e1704f929dc92e7fb6fe3cedeac5ba41b03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.federalpay.org/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u7a2R0HFW4z8jAeHgptASThZa5d%2F7gNhApJnCFXBCOe0G%2Fgt4E83URH%2Fqckaiy4y7GrshJNxpdv%2B9vNgw26OqCZJCza2Ue84qqoSuhDWOuV5hD8PUo8cWliamS%2FQjhw6h5BGomXrJE%2FrmA3g7Mxt7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
x-frame-options: SAMEORIGIN
cf-ray: 79a337d7b8d43aa0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block

GET
H3 200 pica.js
www.federalpay.org/cdn-cgi/challenge-platform/h/b/scripts/ Frame B99D 18 KB
8 KB 1084ms
1083ms Other
application/javascript 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.federalpay.org/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by: Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86cedae3e9e649588cc3c57fbd7f70fbfb274ba9f27cbbc17ee0bbfc1e59e931

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:48 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7uhNBpcigy3EbrjcjP48zqxKCHdHZO8B3d7KLXNUucq1l9P1bu8EgNlohvm41SaFdZnWSTYtWxLNkc66GvsJbcAYDHUaELNE8UDwcQFMIk7Akud%2BXDVJ6SLRPgIXzBGPjJUZ%2BwSibYux3eUNQjR9dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 79a337d7f8f43aa0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
349 B 354ms
48ms XHR
text/plain 2a00:1450:400c:c0a::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-41947475-7&cid=281542447.1676518368&jid=930272966&gjid=1365046185&_gid=1858894864.1676518368&_u=IGBAgEABAAAAAEAAI~&z=280644077

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.federalpay.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 16 Feb 2023 03:32:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.federalpay.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
193 B 65ms
44ms Image
image/gif 2a00:1450:400d:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=854849690&t=pageview&_s=1&dl=https%3A%2F%2Fwww.federalpay.org%2F&ul=en-us&de=UTF-8&dt=FederalPay.org%20-%20The%20Civil%20Employee%27s%20Resource&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEABAAAAAAAAI~&jid=930272966&gjid=1365046185&cid=281542447.1676518368&tid=UA-41947475-7&_gid=1858894864.1676518368&z=673319187

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 01:06:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 8765
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 c5hu6eqo5c Show response
www.clarity.ms/tag/ 1 KB
1 KB 412ms
129ms Script
application/x-javascript 2620:1ec:4e:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/c5hu6eqo5c?ref=gtm2
Requested by: Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4e:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 7fcf730053ba74f980e15c1419e08714606f969edb7e53d8c734f717d24ccedb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: application/x-javascript
date: Thu, 16 Feb 2023 03:32:47 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 04KPtYwAAAACsgw7OqyWUTaF5Fv/cgBixRlJBMzFFREdFMDMxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 218 KB
76 KB 57ms
55ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-69P9YCZJQH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PBK8X4G

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

078b1eaed954a40f2ecd30bb19c744b1e4fe4d8e894da67b90f51852d1065006

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77957
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 16 Feb 2023 03:32:48 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/ 366 KB
120 KB 395ms
394ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2244847655937829&plah=www.federalpay.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93731dfb508247e0f34f39e0fffbd337711e3a2701854b865a44553090ca3c93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123020
x-xss-protection: 0
server: cafe
etag: 147553358453999090
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 03:32:48 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/ Frame 3AB7 10 KB
5 KB 185ms
53ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 59180
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 11:06:28 GMT
etag: 10353107486223812946
expires: Wed, 01 Mar 2023 11:06:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 301 KB
85 KB 42ms
41ms Script
application/x-javascript 157.240.20.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=8b61f7a5f7be3039a20458ae0a740e97

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.20.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-frt3.fbcdn.net

Software

Resource Hash

8fb194f8c71e8af1c806b1addbdb52ca6502257bd1a2aa400a86b04888271879

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.federalpay.org/
Origin: https://www.federalpay.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 03:32:48 GMT
content-md5: SOuzQoxLXHBHzyXJuVGJyw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87035
x-fb-rlafr: 0
x-fb-debug: 0CY7Ik9P4Lp5A6iKWWoTjHVvB3FVNYjunfioxkdP4HJHBr6TS7++qixoQnJfhS6DvbFTNzVG8E7EdXMQWKcdXQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
x-fb-content-md5: 40779015717673fc934ce7c248c7941f
cross-origin-opener-policy: same-origin-allow-popups
etag: "4c09fed1e4304cbe33145cc511e9b879"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
expires: Fri, 16 Feb 2024 01:47:41 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2-f/s/0.7.2/ 56 KB
19 KB 43ms
42ms Script
application/javascript 2620:1ec:4e:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2-f/s/0.7.2/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/c5hu6eqo5c?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4e:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 99b523edd72385876c466fc061393829b08dec3aa544963373b22a08fb97784f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:47 GMT
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0eoXtYwAAAAAUuaVolWI1Ras40YXz7J7kRlJBMjMxMDUwNDE4MDI3ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
etag: "1d93c95f148481c"
x-azure-ref: 04KPtYwAAAAC5wXPxNgz+SoUIU4/UUFbJRlJBMzFFREdFMDMxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: TCP_HIT
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

POST
H2 204 collect
region1.google-analytics.com/g/ 0
257 B 310ms
46ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-69P9YCZJQH&gtm=45je32f0&_p=854849690&cid=281542447.1676518368&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1676518368&sct=1&seg=0&dl=https%3A%2F%2Fwww.federalpay.org%2F&dt=FederalPay.org%20-%20The%20Civil%20Employee%27s%20Resource&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-69P9YCZJQH&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.federalpay.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 branding.png
www.google.com/cse/static/images/1x/en/ 1 KB
2 KB 158ms
44ms Image
image/png 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/en/branding.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 00:23:05 GMT
x-content-type-options: nosniff
age: 184183
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1372
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 14 Feb 2024 00:23:05 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 395 B
608 B 215ms
75ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.federalpay.org&callback=_gfp_s_&client=ca-pub-2244847655937829

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2244847655937829&plah=www.federalpay.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ab45052573567e130cc91484fde5a4f6c00f5b08e950bb2391c3482a9057d133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 256
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 223ms
75ms Script
application/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.federalpay.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 225ms
76ms Script
application/javascript 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.federalpay.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AA59 428 KB
79 KB 1015ms
1011ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&adk=1812271804&adf=3025194257&lmt=1676518368&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fwww.federalpay.org%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518368066&bpp=4&bdt=562&idt=514&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=865048011137&frm=20&pv=2&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=547

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68875c837f994fa1d93eddca26a37d91c6114aac3ac589235492f76bfc8b4de4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 80696
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:49 GMT
expires: Thu, 16 Feb 2023 03:32:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 13C2 92 KB
33 KB 578ms
577ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=7684466267&adk=3741586606&adf=1864244998&pi=t.ma~as.7684466267&w=351&fwrn=4&fwrnh=100&lmt=1676518368&rafmt=1&format=351x280&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518368070&bpp=2&bdt=567&idt=551&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=686&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=iPoqXCFlN4&p=https%3A//www.federalpay.org&dtd=557

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

134de49da67973e2a9141c456cf0ca8f7f022400db7c57e77a491120f4f8c1c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 34060
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:49 GMT
expires: Thu, 16 Feb 2023 03:32:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect Show response
n.clarity.ms/ 0
167 B 646ms
276ms XHR
text/plain 52.184.204.244
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://n.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-f/s/0.7.2/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.federalpay.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-origin: https://www.federalpay.org
date: Thu, 16 Feb 2023 03:32:48 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

POST
H3 200 79a337d36eff37de Show response
www.federalpay.org/cdn-cgi/challenge-platform/h/b/cv/result/ Frame B99D 2 B
684 B 58ms
56ms XHR
text/plain 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.federalpay.org/cdn-cgi/challenge-platform/h/b/cv/result/79a337d36eff37de
Requested by: Host: www.federalpay.org
URL: https://www.federalpay.org/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676505600
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 16 Feb 2023 03:32:49 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bIH5iswxUlhErLHvGYBG9TLqo3xBzVJjT3X%2FWxzW636u9iZkS9LTdk4qx%2B2JJR48zVQR%2B5kpjwVNTv0306Mo9IEs0l7Eyk%2BDl0HYDJKBKd4Xz%2BMf4W7BImw1ZhVhXIkQbcryfMEMxeYWAGbMs3kboA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 79a337e08dc53aa0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 13C2 2 KB
845 B 168ms
65ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=7684466267&adk=3741586606&adf=1864244998&pi=t.ma~as.7684466267&w=351&fwrn=4&fwrnh=100&lmt=1676518368&rafmt=1&format=351x280&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518368070&bpp=2&bdt=567&idt=551&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=686&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=iPoqXCFlN4&p=https%3A//www.federalpay.org&dtd=557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:29:40 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 13C2 22 KB
9 KB 142ms
39ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:32:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54014
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8846
x-xss-protection: 0
server: cafe
etag: 8106178524699001248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 12:32:35 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 13C2 3 KB
1 KB 159ms
66ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:10:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33717
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 18:10:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 13C2 20 KB
8 KB 147ms
44ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7740
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:23:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 13C2 156 KB
48 KB 247ms
107ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 03:32:49 GMT

GET
H2 200 ed8ae2896763956dad3710d8730c1299.js Show response
www.gstatic.com/mysidia/ Frame 13C2 33 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ed8ae2896763956dad3710d8730c1299.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9282b885825f1f265eb093acf11379fc90dd4e156588a02790c1515822e79858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 01:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14007
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 00:53:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 May 2023 01:10:29 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 13C2 0
0 101ms
101ms Fetch
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CFuQg4KPtY5rEKou8x_APiuOhoASqyoG1ZqeQ9cq3EJXl2r_NARABIOfMsCBglcKmgrAHoAHcx8eWA8gBAakCS5CmklbvsT6oAwHIA8sEqgTsAU_QSIFfiKhnkn1Uu3h31f7un45gRmqxmJn1CvmN6HNCRjt7SyU4T7vEaLZh7UTn5J1X4Uyv_-_VUU_q2NF4Ce2GzfV7n3ToX_XjufjL_0VonRIw_NzyyTDV-lTmieOA7dfQkvSpqc7n9reXDiyd0xR26X45TnjVMqVqz5cC0x3hmfLUijynNx6fPNHJFkEEH39W_wypVHHp_kfqDX9OMIxU2v5ClrRnbUNfV3ZiB6IDJFXqFCPCKG7K6u-bvHTA1xNxjVylfZeB6ppbHZ-DGGAcPqkVjzQH9DN5kg-MA_fHqwoL01NMM8e_XH31wAT24YfTswKSBQQIBBgBkgUECAUYBKAGAoAHjLi4aagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEK_OFNIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMK0BUBmBYBgBcBshccChoIABIUcHViLTIyNDQ4NDc2NTU5Mzc4MjkYAA&sigh=3VsbYP8T70M&uach_m=[UACH]&cid=CAQSGwDUE5ymT_9dUDQJdgGqNxteQQ2pQCBtRlyS_RgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=7684466267&adk=3741586606&adf=1864244998&pi=t.ma~as.7684466267&w=351&fwrn=4&fwrnh=100&lmt=1676518368&rafmt=1&format=351x280&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518368070&bpp=2&bdt=567&idt=551&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=686&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=iPoqXCFlN4&p=https%3A//www.federalpay.org&dtd=557
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 03:32:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Feb 2023 03:32:49 GMT

GET
H2 200 6537241451498455430
tpc.googlesyndication.com/daca_images/simgad/ Frame 13C2 27 KB
28 KB 168ms
83ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/6537241451498455430?w=600&h=500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

743940ca4cc7c9bee00a9b29cddeddf616a82b814f86024c8553d2ff994b6be3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 00:19:48 GMT
x-content-type-options: nosniff
age: 97981
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27898
x-xss-protection: 0
last-modified: Wed, 28 Sep 2022 00:39:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 22 Feb 2023 00:19:48 GMT

GET
DATA 200
OK truncated
/ Frame 13C2 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a0172d65150eb4e3f189e5a17015208703ba2aa42b64c6ef4035c050147493c9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 140D 36 KB
14 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21617
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:32:32 GMT

POST
H2 204 collect Show response
n.clarity.ms/ 0
48 B 133ms
133ms XHR
text/plain 52.184.204.244
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://n.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-f/s/0.7.2/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.federalpay.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-origin: https://www.federalpay.org
date: Thu, 16 Feb 2023 03:32:50 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/ 150 KB
51 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7358c3a2a6d078a8f370ce02eb2c126902c2acc31b66bf3f7431afafe44a2de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52311
x-xss-protection: 0
server: cafe
etag: 11555276843103530127
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 95ms
95ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_inf_scr&r=p&pg_h=1855&su=www.federalpay.org&d=5000&pvc=1868356005816880&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 75ms
74ms Script
application/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.federalpay.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 76ms
75ms Script
application/javascript 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.federalpay.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 473E 26 KB
12 KB 371ms
370ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=240&adk=878753706&adf=37175952&pi=t.aa~a.2425355703~rp.2&w=160&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=2&bdt=2910&idt=-M&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280&nras=2&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=JdGU4VfRSY&p=https%3A//www.federalpay.org&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b189f3ea3df83906ca1e90c1c82524266945c147ae429af7bbfcd74615b2ee63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 11837
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 69D3 21 KB
9 KB 454ms
453ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bee52ff1d1de05f161e8e9c07ba45d38cdffda23d9b765945c10d754d84bae7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 8822
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/ Frame 88E1 10 KB
4 KB 113ms
112ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30903
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 18:57:47 GMT
etag: 10353107486223812946
expires: Wed, 01 Mar 2023 18:57:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/ Frame B148 10 KB
4 KB 106ms
105ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30903
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 18:57:47 GMT
etag: 10353107486223812946
expires: Wed, 01 Mar 2023 18:57:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/ Frame 57E0 10 KB
4 KB 102ms
99ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30903
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 18:57:47 GMT
etag: 10353107486223812946
expires: Wed, 01 Mar 2023 18:57:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/ Frame 4D4E 10 KB
4 KB 100ms
99ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30903
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 18:57:47 GMT
etag: 10353107486223812946
expires: Wed, 01 Mar 2023 18:57:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame B148 8 KB
968 B 210ms
83ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 03:13:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame B148 2 KB
803 B 41ms
37ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7390
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:29:40 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame B148 22 KB
9 KB 44ms
41ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:32:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54015
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8846
x-xss-protection: 0
server: cafe
etag: 8106178524699001248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 12:32:35 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame B148 3 KB
1 KB 55ms
52ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:10:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 18:10:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame B148 20 KB
8 KB 48ms
45ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7741
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:23:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B148 156 KB
48 KB 100ms
97ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H3 200 ed8ae2896763956dad3710d8730c1299.js Show response
www.gstatic.com/mysidia/ Frame B148 33 KB
14 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ed8ae2896763956dad3710d8730c1299.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9282b885825f1f265eb093acf11379fc90dd4e156588a02790c1515822e79858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 01:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94941
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14007
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 00:53:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 May 2023 01:10:29 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 9285 182 KB
52 KB 334ms
148ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Y-2j4AAKUGsIEfDsAA7ff9mBcMxGT5IU4qRtlg&u=%7C8pGZcb0Xuqj30VgiVuQ75WtEusHMY9F862XWd1cyfwE%3D%7C&c1=TEbw32HdmhlTb08vzaRE0-J3aJQULXRb6S19EAZ80X2gBTzv4Dq5xMxb2AiDpyinZYbjjDWoUakj_vOW-2yxcdN9EEMU4bfVZCLg28_9_-efnKkZihT3pj6XXN8eUljhTzIuko3hQWrnn1_NY9n2v4OnprJ7cqbAvnMWiD7zFT4jEc5RF3BsM02_yF1kziRNKiJsKPmqBhHNYKqMM001wbPIkdOgasLegn4kMKcRmbYnF-m5ANxVZ_AmU-8saDouV-l9krW7fSa97alwjrXI5D_RAK96ppDmXRVo-Y0VgPhXebLVsasY21S1GT-X6CpEqx9RE9jZHWd1wUfnsrQewodCiqmnMCKXHKGXWU6GcvpOBqKFtqOQmWwYQG3Y4Kk0_pe6X2IfHoM11yU2ECDyJa3piJoX2bM9oBjPFpJ6lvKDIH5rJKG2ZmGdWvQA80HJLNhUwiEL6Yix7XI5gJ10-8wHGgBCIFmLz42gETnj-E0vk55xuwZHibJzccTYZZmYmFc2GdjT00IB7I2CpzK9vdwL2eWzgYDmD9VsfKztoADwfmP0PJW_zRIvGo1m1JzqrLd9-0jkG1NI2gPJbDmY9gCjPklYYXM_v6tvLPf-587ryzz1qfyUvQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLWcx4KPtY-ugKezhx_AP_767uAPJntKxXNWdkfdwwI23ARABIABglcKmgrAHggEXY2EtcHViLTIyNDQ4NDc2NTU5Mzc4MjnIAQmpAkuQppJW77E-qAMBqgTgAU_Q6CgSVBoaEBayVkA3BmuM6nFyqYqnHYbLfyFTLYjiT66Il3oPo8xYFGNsmFHYItuiY5TsnJCCwija7liX5qP_6QXtH2Z8NZrDliUkJNBLPoRrEbF3NlMIuoOVB4oqQiXtqkv9dNCN8HLWYEtwrv5ITgDsP86eQuWzzLsPlwH5yeKbPOEuVhKBZ8hvQqic4_JlPl9SPIZqIMZSXDJtH0YCd6-PYEA7T1P8di5uVrgeQu-MSj3asC78ySy7Wu86wsydvTMs9SRhgMH2oHGjLi5al4YLJOKW14Yos0N7Vc1ygAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0RVxSffb0eXAnZfPiZ33W0xxCabg%26client%3Dca-pub-2244847655937829%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

715635550fb66e2755d883679fd7071ad9ed96b6683f72f9000e9f9e1b9598db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:50 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=wC9UJUqy1ytkLc8OEH0MPhpTkOsiQJKzS2Rkwa0nvEbXkWwi8gtIyuhLP77DLwgh_savwdGOWdlvuGduWrxNYKlQOntNAeaOBjnTZ3lYYRVtef123lVc0Ulp2jHvoQIXKaDDW8vUOOGj3hPM44EX2M2Hcmd6NG-RZ48How_nzMocuuY9Y1lc3x6sqlFj_y30RAVl8P6IHqIrUk-XejW4ltGV7mjqY3BOYMCMtlpcBOG7Fsm0UGOX1ox4tFPZKGMXsd54Qw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 99237436
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 57E0 3 KB
1 KB 55ms
50ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:10:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 18:10:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 57E0 20 KB
8 KB 48ms
44ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7741
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:23:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 57E0 156 KB
48 KB 129ms
125ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H3 200 030db783cd93f01ccad1528166361a91.js Show response
www.gstatic.com/mysidia/ Frame 4D4E 9 KB
4 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/030db783cd93f01ccad1528166361a91.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3deda25f1d4dacb2dcb6291e32e305b3390f6225a657f45ce798101dcfcb9865

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:03:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8966
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4099
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 00:53:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 17 May 2023 01:03:24 GMT

GET
H3 200 e87dfde068666f2a4f45f2cf8d9866f9.js Show response
www.gstatic.com/mysidia/ Frame 4D4E 10 KB
4 KB 45ms
43ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e87dfde068666f2a4f45f2cf8d9866f9.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e0fe839dbaeea0ad5f7f386e4246dfd27eb9e9408d39bd78a5b240eaff3bc80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 01:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94941
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4350
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 00:53:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 May 2023 01:10:29 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 4D4E 8 KB
968 B 193ms
84ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 02:48:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 4D4E 2 KB
799 B 60ms
58ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7390
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:29:40 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 4D4E 22 KB
9 KB 49ms
47ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:32:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54015
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8846
x-xss-protection: 0
server: cafe
etag: 8106178524699001248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 12:32:35 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 4D4E 3 KB
1 KB 61ms
59ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:10:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 18:10:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 4D4E 20 KB
8 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7741
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:23:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4D4E 156 KB
48 KB 133ms
131ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H3 200 ed8ae2896763956dad3710d8730c1299.js Show response
www.gstatic.com/mysidia/ Frame 4D4E 33 KB
14 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ed8ae2896763956dad3710d8730c1299.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9282b885825f1f265eb093acf11379fc90dd4e156588a02790c1515822e79858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 01:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94941
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14007
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 00:53:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 May 2023 01:10:29 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 88E1 4 KB
1 KB 186ms
83ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 02:31:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 88E1 205 B
229 B 57ms
57ms Image
image/png 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 20:42:57 GMT
x-content-type-options: nosniff
age: 24593
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 15 Feb 2024 20:42:57 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 88E1 604 B
628 B 58ms
57ms Image
image/png 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 00:53:07 GMT
x-content-type-options: nosniff
age: 9583
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 16 Feb 2024 00:53:07 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/ Frame 88E1 19 KB
8 KB 61ms
59ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61cfe1e4bad8332eaf07240b9a18cd9c20f55c526e9c0b9ad9bf3255265c695d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 23:08:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15861
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8280
x-xss-protection: 0
server: cafe
etag: 4522959314154213365
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 23:08:29 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 13C2 42 B
64 B 159ms
77ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstP3RA7MZWXYUPnCg17p7tjoSUzAzdR-ZzJah1y03pJq7GQpPea5qjjjp1IQVCyy370Znq-rtAn5V8gvClyChUjlSZJ8QF-JERIkpj0sW7Zgy_VCDnsCAm-WHGJGvSLVhMHbv-iGw&sai=AMfl-YRYd_javkUAdENSFhDACVZTAD3HUEn1EGj4a4MEBUGnJSpKiJrXSqvJePXQbwwWMKEAbJSHk_puYBcq&sig=Cg0ArKJSzHZW2Jit-gwMEAE&cid=CAQSGwDUE5ymT_9dUDQJdgGqNxteQQ2pQCBtRlyS_RgB&id=lidar2&mcvt=1005&p=0,0,280,351&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20230215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3741586606&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676518368629&rpt=1093&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/15806898588811077520/ Frame 4D4E 2 KB
2 KB 40ms
40ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15806898588811077520/14763004658117789537?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d25c1070f595425708f5e33f7c5a0108498ab4ac3a5ef7e13da0c83c802a12c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 06:44:45 GMT
x-content-type-options: nosniff
age: 161285
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2255
x-xss-protection: 0
last-modified: Sat, 25 Jun 2022 10:17:21 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Feb 2024 06:44:45 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4D4E 0
0 104ms
104ms Fetch
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cj_8L4KPtY-ygKezhx_AP_767uAPGvtXubcrLvNf_EIqc3cjBARABIOfMsCBglcKmgrAHoAHQ-YSpAcgBAakCS5CmklbvsT6oAwGqBIQCT9BXxqiU2M55Pzs0gsSGi8xqPaXEf1CYlCuXQYbsAPoAk1CswoAbimV6Fi3w4sid5MUMGIU_oNepaYnxReXaAyYWPkNHub9xRfR2w-DKzgX14-tAKsfMUC4UQXu6OxjodUQKHDHDdzuaP2uWh40QwUo8J19ZXkOpoYtcE6ONdxq36_gACgM2n614Nj__cd3BOPpVNSN_1ieEVET_CvCS4_jg4B26DD_lzuNI8Q-JK0c2twVjpRRxrLgurq0NLyXgzJc3O9ioePFDOPMkFbCKN-fbAq-p7hahk21QLbkut8dLwkH9yDbdY5dpu1p6Ypg96kp4bUIjlogPzWnQ7kI-BB2l1WrABL_U24DZA5IFBAgEGAGSBQQIBRgEgAeYhvvWAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEObaNdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMK0BUBmBYBgBcBshccChoIABIUcHViLTIyNDQ4NDc2NTU5Mzc4MjkYAA&sigh=Kxa4m8tvhrw&uach_m=[UACH]&cid=CAQSGwDUE5ymV1khh_3vQsggIR9W9_mZPCXqHuxw1xgB&template_id=5001

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 03:32:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 70CE 143 B
166 B 55ms
54ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1254
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:11:56 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4D4E 222 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d0485ca3370455d9431f60a8bb5ff8bc5f8a55126a096ee852526e3a940d317

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 473E 3 KB
1 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=240&adk=878753706&adf=37175952&pi=t.aa~a.2425355703~rp.2&w=160&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=2&bdt=2910&idt=-M&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280&nras=2&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=JdGU4VfRSY&p=https%3A//www.federalpay.org&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:10:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 18:10:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 473E 20 KB
8 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7741
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:23:49 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 473E 0
0 52ms
52ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSYOEs4aLhLM8z7UzKsXbe5pmWs3ynKHO1u5cSWdGmztJZ7tfnwg95_xrXnqft_QCgriDc2wBVGJCW2BnH9zoxYXQmbFw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=240&adk=878753706&adf=37175952&pi=t.aa~a.2425355703~rp.2&w=160&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=2&bdt=2910&idt=-M&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280&nras=2&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=JdGU4VfRSY&p=https%3A//www.federalpay.org&dtd=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 473E 156 KB
48 KB 166ms
166ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 473E 0
0 96ms
95ms Fetch
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CjqjT4qPtY9LIHcPVx_APrLqoqAjJntKxXL3plfdwwI23ARABIABglcKmgrAHggEXY2EtcHViLTIyNDQ4NDc2NTU5Mzc4MjnIAQmpApwopOxR8LE-qAMBqgTjAU_QTTJtDRffA6PIuklCinKur4nNnClbgEOyiPaYF_Z3ibUgqWyvL1rhRZAQ9ldjowiuim9MTZ1MQnoTFvitw4gHljWpiukl86LXsfpVLH5gTEjlvA9s3Jdameg89UP3MJY1Ch2wZCuoqrLsMLn0AyLjvXBexvTS9jzUsynBf1gl7cLTDLwX6Clj5Opdv-PBI5hq7BvOcM_GEuuOC6BjFq7TNpOfkHW53fimPKUHkl6JDdO3RMSWyb0kcCN3nI4hALgQzGUnof1rqwt-6Nm4RrnZOD-AdLmUlWakpAVGQmm4Ad03gAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTIyNDQ4NDc2NTU5Mzc4MjkYAA&sigh=QeNAekRkpok&uach_m=[UACH]&cid=CAQSOwDUE5ymWISJfCsScLipX3V0VLmHIO0tP3-TKqux9cFKqPPd5OHwXun6SPm8LN6B-Gl540ssa2tqurMpGAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=240&adk=878753706&adf=37175952&pi=t.aa~a.2425355703~rp.2&w=160&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=2&bdt=2910&idt=-M&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280&nras=2&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=JdGU4VfRSY&p=https%3A//www.federalpay.org&dtd=10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 03:32:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 473E 0
0 201ms
45ms Fetch 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kMWCFMz6RKAB8AGdg2ICAgAAAOVy1jKj0ynkEOKj7WMrINH-CaMdlXJXWAASAAAKDkFRVUJBUVlCQVFFQkFR&wp=Y-2j4gAHZFIIEerDAAodLErrSgQV5zwOlggMPA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 154640
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame EA73 167 KB
51 KB 296ms
273ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Y-2j4gAHZFIIEerDAAodLErrSgQV5zwOlggMPA&u=%7C9%2Bpza3QQaLdWr0%2FU3kzWvEWLGNRGCwxSWPjQ0N23B6A%3D%7C&c1=TEbw32HdmhlTb08vzaRE0-J3aJQULXRb6S19EAZ80X2gBTzv4Dq5xMxb2AiDpyinZYbjjDWoUalnM-PErbzrhDm9NSv8dviegAVIuycJozGC1Vsh1JFMx0j7JPu3YjhEE-WhM_Uu3omLQ8SSoFoVVXxAtqXrY7IvpnvRWoV0uApFk-rrqtoWUlr19Wkm9NgHnTg_AlU0BFa8Ugt4LSAe7u7V1z8gZnUemxUCOv5HJrHNTCvSuGrbkxqMc2tDckXlq94JoPCKlcL_UokKK648J4jOgJD1HNkFFsQgnONThMhDLGItM4geJPjP7xrNd9Uk2ZZjj7p3xm0d5_chqk0F-6CjnZhR7hGuVXmsZIaYO1YFnicOKpYuiEXgxALhY4jAnqzXwvq6q7K5rF9phgI64Vk0xYxYUU_pkpc9W8Kmc2vT5UqllK_ZdQfv-grtq0r8br5rdmlBKcWjrhSx4aCDOr3cYF3tlk-4pluBA1hq2pJWFR_0aiLqGRV2MyIpGTvo-ayGl5oGGsdmpLuN542V8kdNL91ycVMhgk_GnL9Jm5d3BjN3Fvf1TbN-XNEQVIX75EoiXz6iQ34h0TiCVLL9qc2BCItg0ERXsjYbyfbZlIV2RZVnZ5I8tw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdIuD4qPtY9LIHcPVx_APrLqoqAjJntKxXL3plfdwwI23ARABIABglcKmgrAHggEXY2EtcHViLTIyNDQ4NDc2NTU5Mzc4MjnIAQmpApwopOxR8LE-qAMBqgTmAU_QTTJtDRffA6PIuklCinKur4nNnClbgEOyiPaYF_Z3ibUgqWyvL1rhRZAQ9ldjowiuim9MTZ1MQnoTFvitw4gHljWpiukl86LXsfpVLH5gTEjlvA9s3Jdameg89UP3MJY1Ch2wZCuoqrLsMLn0AyLjvXBexvTS9jzUsynBf1gl7cLTDLwX6Clj5Opdv-PBI5hq7BvOcM_GEuuOC6BjFq7TNpOfkHW53fimPKUHkl6JDdO3RMSWyb0kcCN3nMwjISqXQ_k0HmF_CNtDTiGxUrNvMhGY9g1cqMBWGxtqWuwShc6IW_pWgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2v2YQxOzGpgZPa3RJ0JGnCF5snIA%26client%3Dca-pub-2244847655937829%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6d3e8ffc82936e7001101b073ec18b18a70538cf58e8fdac1599725f05e19fc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:50 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=VsK1Gkqy1ytkLc8OPKy9EAiXFFLwTDzA7YgNt3Bgt3yL91_OcubkL0gtBM7aPrMimk9qr2xd8tmBdDPQ_THtAQrgnDMES-5saiRRsEAt2cCuZQb_CA1QpmcdpgqwWygTc9coa84Dj3K4G_cl64iC9U4UNkkiGDdFQdCaFUS8yE1U3GnGwZyWo6bid7QfoLh1BpRWRAZUrj5F6LWIgF3Y2DhRMBM1u6SApbsyGMPRgMrPToFbLzaT-IV43roI0giVvk-W3Q"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 102242446
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 220B 1 KB
643 B 46ms
46ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 46173
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 14:43:17 GMT
etag: 48472445140208031
expires: Thu, 16 Feb 2023 14:43:17 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/18411547540029683617/ Frame B148 7 KB
7 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18411547540029683617/14763004658117789537?w=195&h=102

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7382be1f08de708262d459360afa78fa569239cd00ade6a33a466d0346cdf0c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 23:03:41 GMT
x-content-type-options: nosniff
age: 16149
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7617
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 18:08:44 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Feb 2024 23:03:41 GMT

GET
DATA 200
OK truncated
/ Frame B148 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B148 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84cb6d30f9a94898cb8d8abdf4fc7b615eaf1a0b3ef7d29f1f28fc60e1099119

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B148 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e435810b6fa9c84b12eab2f91e053e3fe76b50fabc287888125a187663e2053f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame F678 36 KB
14 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21618
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:32:32 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 70CE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

93ms
92ms

Document
text/html

2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:51 GMT
expires: Thu, 16 Feb 2023 03:32:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:50 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B148 0
18 B 98ms
97ms Image
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=COMb24KPtY-qgKezhx_AP_767uAPdzPu7aZ3k1e7WDmQQASDnzLAgYJXCpoKwB6ABoYLL5QPIAQmpAkuQppJW77E-qAMByAPLBKoE8wFP0Ldv5as0sxL0cA5PidqxUo7wgM51HNmEZzvZOxY_zS05KFEZhpebjfqJurtamKjXYLqKdPKykBejgR23c8_pXEWixqxoCIgps8Kk8E-I5QM4wYqcNTDvVzrQTwxoZKfBsi21YfM3kFt2gbYdd6x01vsYL3LeWJQn1KoLY78U78-z8lJ0UQ1ytMEb6EGrnkmhH5BurPaje7kDXlLyoq8HwZVjQLpj_r-NDKsqTCPQ5MF7-0AM5a6YWitqy0c0K1IF7G53nuch6hIYMoAzG-sx6yQ7fzSwQ72J2k_AQPHoCdegLLhSYWZNQB0wk0_BHIQCUKTABOuKnYX3A6AGLoAHx_20GqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKaWBdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMDiBQE0BUBmBYBgBcBshccChoIABIUcHViLTIyNDQ4NDc2NTU5Mzc4MjkYAA&sigh=9XpEbEnb_4k&uach_m=[UACH]&cid=CAQSGwDUE5ymV1khh_3vQsggIR9W9_mZPCXqHuxw1xgB&template_id=5000&vis=1

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 03:32:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame E856 8 KB
968 B 83ms
81ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 03:09:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame E856 2 KB
765 B 45ms
44ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7390
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:29:40 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame E856 22 KB
9 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:32:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54015
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8846
x-xss-protection: 0
server: cafe
etag: 8106178524699001248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 12:32:35 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame E856 3 KB
1 KB 59ms
55ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:10:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 18:10:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame E856 20 KB
8 KB 54ms
50ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7741
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:23:49 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E856 156 KB
48 KB 147ms
143ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H3 200 ed8ae2896763956dad3710d8730c1299.js Show response
www.gstatic.com/mysidia/ Frame E856 33 KB
14 KB 44ms
40ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ed8ae2896763956dad3710d8730c1299.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9282b885825f1f265eb093acf11379fc90dd4e156588a02790c1515822e79858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 01:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94941
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14007
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 00:53:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 May 2023 01:10:29 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 75EE 624 B
245 B 81ms
77ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYiLnOxQEwAQ&v=APEucNWQCj7duTdKJNTo0VPGyRox2A1LYEc1agyBsQiZtB-E5vjopW3cKMtO56Uu1k6u9GXf3jUmZLwuVFoPFPikuaOTl0UyCTO9YQhLC-mAkZa9rNklpxnLJqBZDONzne0ocIYYoPwMBjiyGFQ2aITebTzV2z3MB2sRHWXFB7rPWve4CRRKbRc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:50 GMT
expires: Thu, 16 Feb 2023 03:32:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B4E6 78 KB
27 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame B4E6 3 KB
1 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:10:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33718
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 18:10:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame B4E6 20 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7741
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:23:49 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame B4E6 0
0 51ms
49ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT1ScRcZ_p0b2ulcgn-cvy352jdRfl5UxjNe2OS-sZS6fhANdcBDuQXeuJmyy-bFUpkK9O7U-0rvCdxv2HSyf90QiQ13Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B4E6 156 KB
48 KB 156ms
155ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 03:32:50 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B4E6 42 B
63 B 75ms
74ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AZP5hY2TkTMUx1vi08TUy_H-xNkgTCVDISZycwPnVBqfwCR7yl0uZKuYmFPJ-j3JsIPckTRXgHdmrheJCQGKxS7ofe8UFmrKZo1jc27ASZd1iKivQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B4E6 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=8122082087239648478&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 473E 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf6b4406be7ed96a51eb266f14b9c21a4888662fd4a9069aebf115bdd6c6986b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 220B
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESENQQmV09rL502_en6V735KA&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESENQQmV09rL502_en6V735KA&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R3ZObW5maXMxUHN2MFQ1&google_gid=CAESENQQmV09rL502_en6V735KA&google_cver=1&google_push=Aa02lx9ustepihyDlECENhFLCENJWzk_gKGbTAOLHpRMQVx...

170 B
232 B

78ms
75ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R3ZObW5maXMxUHN2MFQ1&google_gid=CAESENQQmV09rL502_en6V735KA&google_cver=1&google_push=Aa02lx9ustepihyDlECENhFLCENJWzk_gKGbTAOLHpRMQVxELcTg-VPxzUm_oW1AnAP96K-zjnL88ihM9uUQ-Wmc4vhethLxV0HRNQ

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 03:32:50 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/d601d38#rel-ec2-master i-02d4862961d254dec@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=R3ZObW5maXMxUHN2MFQ1&google_gid=CAESENQQmV09rL502_en6V735KA&google_cver=1&google_push=Aa02lx9ustepihyDlECENhFLCENJWzk_gKGbTAOLHpRMQVxELcTg-VPxzUm_oW1AnAP96K-zjnL88ihM9uUQ-Wmc4vhethLxV0HRNQ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 220B 70 B
265 B 237ms
92ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEBwDyg-kivt1IlpzbZIIb2c&google_cver=1&google_push=Aa02lx_2Urc776c8KFoqKFpSLne7gZHJRSAvRgkyFTe7twCnzhIXDIn4Quy_aLY5iW0e71-HHEXIhOOjxGpB4hawPpi-kxaIvegieg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=240&adk=878753706&adf=37175952&pi=t.aa~a.2425355703~rp.2&w=160&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=2&bdt=2910&idt=-M&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280&nras=2&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=JdGU4VfRSY&p=https%3A//www.federalpay.org&dtd=10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 220B
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGopT86WQi6vaHRJiTEfb80&google_cver=1&google_push=Aa02lx8TQP8umvutGCrWRP9VWCOEApp0uhMx4A0NG_koWGLCz4PNSVvs9VwlTrba66QW1kIeGrzcdqZnt3-Sjiijg...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGopT86WQi6vaHRJiTEfb80&google_cver=1&google_push=Aa02lx8TQP8umvutGCrWRP9VWCOEApp0uhMx4A0NG_koWGLCz4PNSVvs9VwlTrba66QW1kIeGrzcdqZnt3-Sjiijg...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx8TQP8umvutGCrWRP9VWCOEApp0uhMx4A0NG_koWGLCz4PNSVvs9VwlTrba66QW1kIeGrzcdqZnt3-Sjiijg1odwZ50iAWPNQ&google_hm=GKgUqGZHV_RDGQ5cQ_G1...

170 B
232 B

80ms
78ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx8TQP8umvutGCrWRP9VWCOEApp0uhMx4A0NG_koWGLCz4PNSVvs9VwlTrba66QW1kIeGrzcdqZnt3-Sjiijg1odwZ50iAWPNQ&google_hm=GKgUqGZHV_RDGQ5cQ_G1Gg60

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Feb 2023 03:32:51 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx8TQP8umvutGCrWRP9VWCOEApp0uhMx4A0NG_koWGLCz4PNSVvs9VwlTrba66QW1kIeGrzcdqZnt3-Sjiijg1odwZ50iAWPNQ&google_hm=GKgUqGZHV_RDGQ5cQ_G1Gg60
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 220B
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESENJFPuZaJwemxS9y9TQRO-8&google_cver=1&google_push=Aa02lx_1Dx5PvWH447B-X39fuTt7N28IHVWI6vl8ZdkBvC5tqIDDFqB31j1OnSSy3NepL47WKvh6AAUwO4cUvMcu...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx_1Dx5PvWH447B-X39fuTt7N28IHVWI6vl8ZdkBvC5tqIDDFqB31j1OnSSy3NepL47WKvh6AAUwO4cUvMcurjp3sVJ1yRqC

170 B
243 B

102ms
102ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx_1Dx5PvWH447B-X39fuTt7N28IHVWI6vl8ZdkBvC5tqIDDFqB31j1OnSSy3NepL47WKvh6AAUwO4cUvMcurjp3sVJ1yRqC

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 03:32:51 GMT
via: 1.1 47b3fa796fd76d32bef114d0b8ce8cac.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: VIE50-C2
x-cache: GeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx_1Dx5PvWH447B-X39fuTt7N28IHVWI6vl8ZdkBvC5tqIDDFqB31j1OnSSy3NepL47WKvh6AAUwO4cUvMcurjp3sVJ1yRqC
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: 959keWtDm0-VrJ2ZQ1h9UVy2hv2tbtnjFUQTy_nG17PZE_XYiPC8eQ==

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 220B
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMBAutadcS6Ne16fC9ImWxc&google_cver=1&google_push=Aa02lx-42w-_7nnnXRKZzEPWY9iYHeHHMKOA7-EqCn4PxUAjtA0OhazZPZwoOt8FqjHu4zlwgTY0vIBi6MvSuTTbMHlRjUs-37...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aa02lx-42w-_7nnnXRKZzEPWY9iYHeHHMKOA7-EqCn4PxUAjtA0OhazZPZwoOt8FqjHu4zlwgTY0vIBi6MvSuTTbMHlRjUs-37C...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjM4ODExMDIwMTU0NTYzOTU4OTI5Mg%3D%3D&google_push=Aa02lx-42w-_7nnnXRKZzEPWY9iYHeHHMKOA7-EqCn4PxUAjtA0OhazZ...

170 B
232 B

161ms
154ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjM4ODExMDIwMTU0NTYzOTU4OTI5Mg%3D%3D&google_push=Aa02lx-42w-_7nnnXRKZzEPWY9iYHeHHMKOA7-EqCn4PxUAjtA0OhazZPZwoOt8FqjHu4zlwgTY0vIBi6MvSuTTbMHlRjUs-37Czng

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjM4ODExMDIwMTU0NTYzOTU4OTI5Mg%3D%3D&google_push=Aa02lx-42w-_7nnnXRKZzEPWY9iYHeHHMKOA7-EqCn4PxUAjtA0OhazZPZwoOt8FqjHu4zlwgTY0vIBi6MvSuTTbMHlRjUs-37Czng
date: Thu, 16 Feb 2023 03:32:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
onetag-sys.com/match/ Frame 220B
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEF34nQtsyEMm3qzqS_dgqUw&google_cver=1&google_push=Aa02lx9s1PklXzXY99AFdGXOxcHY2CYFioVXz49nka1RML-26hNmz1M4-hLrHI_1xAYRjP3k8qtJlwmBBSY...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx9s1PklXzXY99AFdGXOxcHY2CYFioVXz49nka1RML-26hNmz1M4-hLrHI_1xAYRjP3k8qtJlwmBBSY9Bzz7oCevZDbcBIenlgY
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

41ms
41ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Protocol

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame 220B
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESENGnPHUlH9fl8NnEPsWYhQ8&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aa02lx83DQBxi_xAbXR-il2R16CU7mU6oDMDbgnC2bWLuxVPjhNXt_u9Yi8J0YqMoqrJG2otNhMuJhIWWRtCCE1z-G7jjkmlhbawsMA
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

94ms
91ms

Image
image/gif

23.203.125.36
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=240&adk=878753706&adf=37175952&pi=t.aa~a.2425355703~rp.2&w=160&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=2&bdt=2910&idt=-M&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280&nras=2&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=JdGU4VfRSY&p=https%3A//www.federalpay.org&dtd=10
Protocol: H2
Server: 23.203.125.36 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-36.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

expires: Thu, 16 Feb 2023 03:32:51 GMT
pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 220B 0
130 B 296ms
124ms Image
text/html 142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K6yPJTzm7bVMipad065miyOTWS2pAGZNlv9Xby8R26VL6mgd13Xp4qXV_H7Z-04zxKA85duL0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0315 143 B
166 B 56ms
56ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1255
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:11:56 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 9285 2 KB
1 KB 227ms
91ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y-2j4AAKUGsIEfDsAA7ff9mBcMxGT5IU4qRtlg&u=%7C8pGZcb0Xuqj30VgiVuQ75WtEusHMY9F862XWd1cyfwE%3D%7C&c1=TEbw32HdmhlTb08vzaRE0-J3aJQULXRb6S19EAZ80X2gBTzv4Dq5xMxb2AiDpyinZYbjjDWoUakj_vOW-2yxcdN9EEMU4bfVZCLg28_9_-efnKkZihT3pj6XXN8eUljhTzIuko3hQWrnn1_NY9n2v4OnprJ7cqbAvnMWiD7zFT4jEc5RF3BsM02_yF1kziRNKiJsKPmqBhHNYKqMM001wbPIkdOgasLegn4kMKcRmbYnF-m5ANxVZ_AmU-8saDouV-l9krW7fSa97alwjrXI5D_RAK96ppDmXRVo-Y0VgPhXebLVsasY21S1GT-X6CpEqx9RE9jZHWd1wUfnsrQewodCiqmnMCKXHKGXWU6GcvpOBqKFtqOQmWwYQG3Y4Kk0_pe6X2IfHoM11yU2ECDyJa3piJoX2bM9oBjPFpJ6lvKDIH5rJKG2ZmGdWvQA80HJLNhUwiEL6Yix7XI5gJ10-8wHGgBCIFmLz42gETnj-E0vk55xuwZHibJzccTYZZmYmFc2GdjT00IB7I2CpzK9vdwL2eWzgYDmD9VsfKztoADwfmP0PJW_zRIvGo1m1JzqrLd9-0jkG1NI2gPJbDmY9gCjPklYYXM_v6tvLPf-587ryzz1qfyUvQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLWcx4KPtY-ugKezhx_AP_767uAPJntKxXNWdkfdwwI23ARABIABglcKmgrAHggEXY2EtcHViLTIyNDQ4NDc2NTU5Mzc4MjnIAQmpAkuQppJW77E-qAMBqgTgAU_Q6CgSVBoaEBayVkA3BmuM6nFyqYqnHYbLfyFTLYjiT66Il3oPo8xYFGNsmFHYItuiY5TsnJCCwija7liX5qP_6QXtH2Z8NZrDliUkJNBLPoRrEbF3NlMIuoOVB4oqQiXtqkv9dNCN8HLWYEtwrv5ITgDsP86eQuWzzLsPlwH5yeKbPOEuVhKBZ8hvQqic4_JlPl9SPIZqIMZSXDJtH0YCd6-PYEA7T1P8di5uVrgeQu-MSj3asC78ySy7Wu86wsydvTMs9SRhgMH2oHGjLi5al4YLJOKW14Yos0N7Vc1ygAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0RVxSffb0eXAnZfPiZ33W0xxCabg%26client%3Dca-pub-2244847655937829%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 9285 2 KB
1 KB 188ms
53ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 9285 308 B
636 B 189ms
93ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 9285 293 B
621 B 190ms
94ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 9285 43 B
347 B 261ms
54ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=-P5DfuRG4iu8-hE7K_A3x7yem1cw1errLzDO_SsvO21gC_YgdASXedOIMzTof6gLkJL4YEPHkFTrfYnHbHkLjvAyZHTs6QMpLFxKj8rBV87Yo-OxKcq1Wv2qlGl9mBn7pNiZeoqyjd-fIRR6MPf8Ad7poGjKkeXv6Jo-WbXkoMTh1lnTSE7EdWLwSLJpxp4ZkRvGN3Th-o5Tn155FH9Lsr3eRZxdI5DNVgLvIgKElHvBHAruylhD4GwMtentlbZW1wYjSv4bv8nP2fgmkdjNwJSadDIx6iduG7z0_ZINkB_ZVZhHEMVL7lust_fNklFSx_QzQv6GmtcuOE9TNDzlqBo7IJQc-ZMBLebTqv7gqR2wPPIDDIc35f_co6v1VfT4wn0tvHta3DKHxHdXkurCnokk2LGr23llkrlaLHu4Of_A-iA9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:50 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3093036
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 75EE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFll475A6q9k5o_hjwkep2c&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFll475A6q9k5o_hjwkep2c&google_cver=1&C=1

43 B
766 B

42ms
41ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFll475A6q9k5o_hjwkep2c&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYiLnOxQEwAQ&v=APEucNWQCj7duTdKJNTo0VPGyRox2A1LYEc1agyBsQiZtB-E5vjopW3cKMtO56Uu1k6u9GXf3jUmZLwuVFoPFPikuaOTl0UyCTO9YQhLC-mAkZa9rNklpxnLJqBZDONzne0ocIYYoPwMBjiyGFQ2aITebTzV2z3MB2sRHWXFB7rPWve4CRRKbRc
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 03:32:51 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 03:32:51 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEFll475A6q9k5o_hjwkep2c&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 75EE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.2j4-YQKWi9HBBPCQgDjwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFll475A6q9k5o_hjwkep2c&google_cver=1&google_hm=2

43 B
766 B

44ms
41ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFll475A6q9k5o_hjwkep2c&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYiLnOxQEwAQ&v=APEucNWQCj7duTdKJNTo0VPGyRox2A1LYEc1agyBsQiZtB-E5vjopW3cKMtO56Uu1k6u9GXf3jUmZLwuVFoPFPikuaOTl0UyCTO9YQhLC-mAkZa9rNklpxnLJqBZDONzne0ocIYYoPwMBjiyGFQ2aITebTzV2z3MB2sRHWXFB7rPWve4CRRKbRc
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 03:32:51 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFll475A6q9k5o_hjwkep2c&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 75EE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEAzNZMUlkj1aGOUNRtXPxTk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAzNZMUlkj1aGOUNRtXPxTk%26google_cver%3D1

43 B
1 KB

47ms
47ms

Image
image/gif

185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAzNZMUlkj1aGOUNRtXPxTk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYiLnOxQEwAQ&v=APEucNWQCj7duTdKJNTo0VPGyRox2A1LYEc1agyBsQiZtB-E5vjopW3cKMtO56Uu1k6u9GXf3jUmZLwuVFoPFPikuaOTl0UyCTO9YQhLC-mAkZa9rNklpxnLJqBZDONzne0ocIYYoPwMBjiyGFQ2aITebTzV2z3MB2sRHWXFB7rPWve4CRRKbRc

Protocol

HTTP/1.1

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 03:32:51 GMT
AN-X-Request-Uuid: cdd4bf59-5ad5-415d-9e10-6b5c8f630a56
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 80.255.7.104; 80.255.7.104; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 16 Feb 2023 03:32:51 GMT
AN-X-Request-Uuid: eb4beb19-a804-412c-a7d0-08ac8e50aa9b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEAzNZMUlkj1aGOUNRtXPxTk%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.104; 80.255.7.104; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 75EE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE1MDgyODY3OTQzNjA3NDgyMg%3D%3D

170 B
188 B

88ms
87ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE1MDgyODY3OTQzNjA3NDgyMg%3D%3D

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Feb 2023 03:32:51 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.104; 80.255.7.104; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 77168c0d-6cb1-4740-b32e-b85641e327a6
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE1MDgyODY3OTQzNjA3NDgyMg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B4E6 0
20 B 81ms
80ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7747075914711&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B4E6 0
20 B 79ms
78ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7747075914711&version=m202301230201&ct=76&x=1&cor=8122082087239648000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B4E6 93 KB
37 KB 119ms
116ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BIqmkDFvEtlQ0azWTY3pus2KEHCvKvuuf3s7mfL-wRkly_dGJKGA9rgvzDVlFwn8zJ1dw41Wpv6AS2M0FFBoEhn1T7U-VQ1bURKDOdA2YNqVbnBzYuu09yHMS3u4HniIMw9XLPzNnu0YSQD_Kkr4vs1kec5oPVBz_HJQN00J5Xvruqg_U&dbm_d=AKAmf-Bo1gcA1zM48Pshhlv2Jr10_X--GqU8D32fymR0LahnBACQDUgS8qqLkp9_Kre4O2dM5kfjiLk22e99v6NkjWwu0nyz2mtjGdaJlQeQZstUE0FDjR1iXwta0uaSaQ-lK-YxlSQgR0PGKpCMWNeh4IqZYSyLjX9MJACzHwJl478uPaocYdBl6sH8BmOfKEV6q-GUkpuckBqqonw7G7Od9bT0suciLtqNUi94egkKKwPiwNZ0K4yrLFfbiIHbbPRZpnA-lpHpByDEpxuNK_9m1bMQ-0J1bDyJYjSRNi3w4Ap5wZmK2egJ9JAYhhSnAn7ZY3-csf4brzttJcU748b4UAJbQIPybMWoWKR3IhLCtD0CHBzALOEHPMuNJG7w-TPzLpgsjhYES5CFU_GysaLlJY9xzZXbtFEpLZQzxiKo-q-WCvgsQWrXB10TozZ0QzTXOgGP3okgbDgc8uNuXjW7tqZm7pFU7Hga-tlri9Tw4x9F8ikbIdNvfyN6sPyg2of6aysXCGHQQcCiRK1aD3WGwT6l_PO-ZelFQBD8Ydip1zbPWuhZMSTmphuhbuOTDaOYsVemAVhJ3Wo9TKAGnU3JsvQbJNrqbkPhhS02EXWafgoeT6amttE-XknGfXiJUz2xjo1RMUQw5TxPLo6sYHafPoVlX2TFncjeyvVwOnoWdqgokAlmld7Mc66cTxAGL1u50g1laAYsB4iZ_DRaNXiLdMw_12Z3HqqQgCxURvRGF_EchVSF9ysUZA3sCam1-okQ6Bz0TgISuFqu01EoK_8DUGN2_9E6IHHmszmzFZRoWpd_trzNYNGWRW246f9IurOkFJqrbzptrnL5v-QDU-53c3qi2Fa9pPV5aJUhCfd3BkVjRucHLgDPajttSggyRQxHQ_M0GiHSZQDPjcefXjVG0OeoqUr7lpND8vFDTqnR9Q526DNuelrazoHrb4cq_owOrJs3dsBetu1TiUNxgo4HYpnvt0aoM_wUzK_ZglZJ_dRcLYuXfTdIe-90OPWuAGvB00cCoZ2JAgGjeyy8Q8s_0EZJ_E6LSJhJtvMmuI_-8T3S5axEUa-jYMpDDk9RwjjRbFfVMp-OGjIbkCbGSC9kY6zHm64UpMbWrsiuBoIA_c1WnRAJrsJ9e0yhbgtrxYebaCV4Rzs7L4BtD0y0l0hVMfLLyozymb_dM1ncAvh1CeyRqmHSWxRae8DLanAGDGpZQDt9T_WdFZnHaPs9WXvO9CFXaDcFxhyD3UZx-AZZqB4vLsDk9YyEB5yDtn8PMDMixYyytT4QPHe663kNCKWeUUWjuDBiCE12tAo3X0k-EXxIvA6VwTVQXBg22jzIGpTs3bn9G51f1oDxqOvJyvxmXewo2BrwY9EBwSoabiFYoq1FYe33azEtoOPR-3i9W5FvG7Tf-Au2QY0Y9fNZ3JiCxbFkC8JxTw-m-6a3j8rzLWoJ-2-gkMPxm-vnmAb8YbrzbnYwSAtlG36_pkp1ct8mgcFiQarno6CEdIYOyVRseV0mSThdocWAnPmtec3dLDvq9_Dn7W5_209saTDjuaEthVxE_O7uFHkjJxiu4_K9TFQqyW_P3wtEsnv_rsVZO6zB8YdtB7SB7PFsY_QsKHNAl9ZU4948-uSbYvs7iYHUMpSsKeOxUGzwUZDUJR7nEBgpcU1IzlWN0YV6mo6eEJdKp22zImQVozVvJ-5JDg-M-_HlHlRX7I2Kr9QviXe31gYSZeuFKbImruN6ysiXe8YKcQJp_VG4eWX19D1zXkH4j0Sfbqe_8m9O0EUAkX5E4oRJxfDiv7wsYKOzExUZidwV-MA7l69kgBw47CM_KtvjjbgWRbAAOiheoe8kmYgC8F4LaXZVgBwt2CiLlBuPSRWeVcu0WsdQQZbBmQWxhlrTD8ZZxXYEJqQBhSts0hUeOcfL3S8GZcID4luQi8jcWSl9lS6aFo04O2DWKf22_NBhyAffgZZoSFVN--FzGphK4uSNfTUa3zbQpPD8uq2xmLRBm5j3mf1anopgn7InANk9L0WQqUrOdlyQNRghsRWcEa_zCL5ucyzIHDoknCUawgtFSZcFQZR2HAQflR3KxEHRkP0JivJyJjrQXsy-X5i3o6pXc68fcdtxfH12znwZ3wBtN_zb0c21oEffExXDWivhQ7YdrgRAe7QnAT6pvAVqwIZE5A0tU-uMxCnvwe7XkI66sdOara4QYPJM0k4Oab8SQa_AL1bOi0WoMg5k2IPAB-YejY6ZR8sA-SRksjdjayJDAgDH0-bttV5osOukeZI0zT9OYhdaAqgOmWaH0FuTPHsuOuzjQeBN8Ctrhmf5M5QK30U5s0c1PD_RxgU0NtHjDUyrhxsWP93fSC4IN9qOUKHlX6cjv6AE9zM8nHgwPJgNhLq6kTS9RduXOO_BO-gGh18fScGVn8jbb1zcTUGZg3TNIgw3Xjstmn8zeEPWLRTaPOgaZRm8NBl7DOEPpnbSTmm159iPl2yj1h47HebeucmcOsvHqaD7a-t2GBDscxFQO-Y2FvY4_T0wYe64a9fwbDjamv8iTHyjg3NJTavOFVHbt4lUgyDJL0Lc0OzSc1e9N8VpZ-StD5VRX5jOl_hN5eMrcNnojfsJEWrKu6NRWCycUFv0YQm9zHORSXwFAYunBXVNX-FyGrudKR_BFzIEvpPutQQ55vBsD5WI1Ai6p_3GchuAKjxq24nqor1Oj8cPvcTN5rk04GaSUxKl2qofmfiYv5yl0x4f6WUUi91lvkdDJLiHTXKUvHWiYwgya6kYAU38wfjqybA9BD1fxciYSz7z5viG1pKLL6crsRopmishr5C25Y1nLkfrrzgRRgEmBqJD-q8zz7LXMa8ewtUWIGcF5_1L-_hhwhmNOVtZqYqnawP-q70ykdAOoiHarDAZxgZwIjRVMhru_K5Z89WBb-DbPNnPRzLrPrMbY9_1lWPUk23kd1HK4N6SJ6REt9X_kUCn1nsfTN9o6CPs3lupESchNHP4IsBXDpHJTRp_SzYAtfRndYbjFY_wqnycxM34F2QiEeDw_jLGk7GqoDEdv-CXWshTRJO107WdDjXDwBQHfeK7u-AXKYmBOIIscj-iAHzBdOcrQgpY0LIG1Q5rLFIbeZVPB8kZnFJ953JqkM1Jsz6-MZiJfTI8ta2S0sSUeIF_lEymMlF0E5il5Ie_roQFjcMeCe7yH3shPHqEythOwO7V8uAcG0IArrNXzX9TOzPpb73c2Oju0MYXWQs6CtP1JjjcR8J3XGtCMhQy7ZFsWwXefQBTFGc7Fs-cOzxNZ9rHP6fQGz7ovKgDyUqJlPz487e3v0RE44RTa3ooQ7binhDq08L7&cid=CAQSOwDUE5ym0U_IfwgyTxRtUymbfy_WpGJ4z5hv6kCd9d_dltbXJUTw8il7fqmCJ2qve3rXFAXvIMWPTyWyGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.federalpay.org%2F&ds=l&xdt=1&iif=1&cor=8122082087239648000&adk=1726166460&idt=72&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3e950d7436ccce0517856c26d9103998fd889490840db9a065a8c59a4ecbcdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37665
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame EA73 2 KB
1 KB 75ms
48ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Y-2j4gAHZFIIEerDAAodLErrSgQV5zwOlggMPA&u=%7C9%2Bpza3QQaLdWr0%2FU3kzWvEWLGNRGCwxSWPjQ0N23B6A%3D%7C&c1=TEbw32HdmhlTb08vzaRE0-J3aJQULXRb6S19EAZ80X2gBTzv4Dq5xMxb2AiDpyinZYbjjDWoUalnM-PErbzrhDm9NSv8dviegAVIuycJozGC1Vsh1JFMx0j7JPu3YjhEE-WhM_Uu3omLQ8SSoFoVVXxAtqXrY7IvpnvRWoV0uApFk-rrqtoWUlr19Wkm9NgHnTg_AlU0BFa8Ugt4LSAe7u7V1z8gZnUemxUCOv5HJrHNTCvSuGrbkxqMc2tDckXlq94JoPCKlcL_UokKK648J4jOgJD1HNkFFsQgnONThMhDLGItM4geJPjP7xrNd9Uk2ZZjj7p3xm0d5_chqk0F-6CjnZhR7hGuVXmsZIaYO1YFnicOKpYuiEXgxALhY4jAnqzXwvq6q7K5rF9phgI64Vk0xYxYUU_pkpc9W8Kmc2vT5UqllK_ZdQfv-grtq0r8br5rdmlBKcWjrhSx4aCDOr3cYF3tlk-4pluBA1hq2pJWFR_0aiLqGRV2MyIpGTvo-ayGl5oGGsdmpLuN542V8kdNL91ycVMhgk_GnL9Jm5d3BjN3Fvf1TbN-XNEQVIX75EoiXz6iQ34h0TiCVLL9qc2BCItg0ERXsjYbyfbZlIV2RZVnZ5I8tw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdIuD4qPtY9LIHcPVx_APrLqoqAjJntKxXL3plfdwwI23ARABIABglcKmgrAHggEXY2EtcHViLTIyNDQ4NDc2NTU5Mzc4MjnIAQmpApwopOxR8LE-qAMBqgTmAU_QTTJtDRffA6PIuklCinKur4nNnClbgEOyiPaYF_Z3ibUgqWyvL1rhRZAQ9ldjowiuim9MTZ1MQnoTFvitw4gHljWpiukl86LXsfpVLH5gTEjlvA9s3Jdameg89UP3MJY1Ch2wZCuoqrLsMLn0AyLjvXBexvTS9jzUsynBf1gl7cLTDLwX6Clj5Opdv-PBI5hq7BvOcM_GEuuOC6BjFq7TNpOfkHW53fimPKUHkl6JDdO3RMSWyb0kcCN3nMwjISqXQ_k0HmF_CNtDTiGxUrNvMhGY9g1cqMBWGxtqWuwShc6IW_pWgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2v2YQxOzGpgZPa3RJ0JGnCF5snIA%26client%3Dca-pub-2244847655937829%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame EA73 2 KB
1 KB 77ms
50ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame EA73 308 B
636 B 68ms
49ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame EA73 293 B
621 B 70ms
51ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame EA73 43 B
348 B 180ms
49ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=AubqGrtN-RQUOohkDdd_K8QTT35-Hzs-MrRypbuJaF6MKUOYwU9whIv0ZU3dQtPwbRa7jKfcBaVTVbgw8z6xIzIlNQc_4mhvZKC7byMJReZkxkT5a4dmB-WV28xX5tuRiuqPjMdix55L7f-9NKp8p9BUn5IV5c7HuNkBkOjGGKiHjYFuUZfu-62tUXjSdklmkLlGPymuKKaZ19DRolRUU8tzaqLSfyTjrnZJbF0JQSiZTBxM6VjeQewmkdRPUIu-f6h_1s_fskbWGnpJNiDrUrJ35BQ95O0LO52rbKGqwrq04O7m1KPvVRqtDeKgGJiMAr4LIGxVvxG3w0ZEcOOXIQpTbRIyYp9DBygUclq3H5_Ibn2FId_y6YolUmB89BgnRdyqC3bf-zGFtIvi7Ay_3971RQGHnihu6_qQAgigKRAIIN9u

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:50 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2990012
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 montserrat-400.css
static.criteo.net/design/googlefont/montserrat/ Frame 9285 2 KB
804 B 74ms
47ms Stylesheet
text/css 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a81d25118c6f7d835e9ca132b995b8aca46e3575ee4ab2136ab96ac8d5e4688b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7e-675"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 montserrat-700.css
static.criteo.net/design/googlefont/montserrat/ Frame 9285 2 KB
803 B 79ms
52ms Stylesheet
text/css 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

77a44f65bb6894c92e3c7ccab98de0fc357172221cc1dd45949ab938c0c7756a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:55 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7f-675"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 9285 12 KB
6 KB 134ms
114ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 9285 0
128 B 183ms
44ms Ping
text/plain 2a02:2638:1::17
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=wC9UJUqy1ytkLc8OEH0MPhpTkOsiQJKzS2Rkwa0nvEbXkWwi8gtIyuhLP77DLwgh_savwdGOWdlvuGduWrxNYKlQOntNAeaOBjnTZ3lYYRVtef123lVc0Ulp2jHvoQIXKaDDW8vUOOGj3hPM44EX2M2Hcmd6NG-RZ48How_nzMocuuY9Y1lc3x6sqlFj_y30RAVl8P6IHqIrUk-XejW4ltGV7mjqY3BOYMCMtlpcBOG7Fsm0UGOX1ox4tFPZKGMXsd54Qw&sds=2&rev=84699&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::17 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Feb 2023 03:32:50 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 9285 2 KB
1 KB 167ms
160ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 9285 2 KB
1 KB 167ms
161ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0315
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

96ms
92ms

Document
text/html

2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:51 GMT
expires: Thu, 16 Feb 2023 03:32:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:51 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 montserrat-400.css
static.criteo.net/design/googlefont/montserrat/ Frame EA73 2 KB
803 B 94ms
91ms Stylesheet
text/css 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a81d25118c6f7d835e9ca132b995b8aca46e3575ee4ab2136ab96ac8d5e4688b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7e-675"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 montserrat-700.css
static.criteo.net/design/googlefont/montserrat/ Frame EA73 2 KB
803 B 96ms
92ms Stylesheet
text/css 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

77a44f65bb6894c92e3c7ccab98de0fc357172221cc1dd45949ab938c0c7756a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:55 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7f-675"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame EA73 12 KB
6 KB 61ms
60ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame EA73 12 KB
12 KB 392ms
114ms Image
image/png 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=116&m=0&partner=915&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F771%2F160923%2F58605b2e514c432f98cd3a75f9acc6b6_logo_n_horizontal.png&v=3&w=316&s=5TDpJESKf-uhPGTzVeQ7wvgw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

278b79f7fc149eb8ce484a5eeb7db0d160a8a34ab1437ce68bfa149b12d202f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29643212
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 12498
expires: Thu, 25 Jan 2024 05:46:24 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame EA73 13 KB
13 KB 427ms
149ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F12%2F12988665JM_14_F.JPG&v=3&w=400&s=AZiFNlGbbdI3HsX0ZVI_J6Ei&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

9a1e7ebe8c7ff87a27891ed2251c2d5c6a5cd4ea40eae24298414f9a0cb73b1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 13356
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame EA73 10 KB
10 KB 509ms
232ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F16%2F16122056TG_14_F.JPG&v=3&w=400&s=t4xhRdOgJ8HQxvGhIr4RP76r&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

d4b11f933cf386a7fe46c63ed80a5b94286c02e9ede935237054e84486110edb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 10226
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame EA73 4 KB
4 KB 506ms
232ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F12%2F12876231NH_14_F.JPG&v=3&w=400&s=JwoHvIqGlbRDUUwKUkp-Q7Hc&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

21ca4ab56be9cdc3b77aab85c0dac936e29f0549e12ddbf14e0c44f795bac9d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3930
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame EA73 6 KB
7 KB 431ms
156ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17065126KC_14_F.JPG&v=3&w=400&s=76ToJfZL9DQmJ8PTR3ji80HG&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

807c14c68eaa25cb70ad95aa6b1d8fed9314aaad76e179950e9b2975d1aba10b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6590
expires: Sun, 11 Feb 2024 03:32:51 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame EA73 0
127 B 110ms
45ms Ping
text/plain 2a02:2638:1::17
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=VsK1Gkqy1ytkLc8OPKy9EAiXFFLwTDzA7YgNt3Bgt3yL91_OcubkL0gtBM7aPrMimk9qr2xd8tmBdDPQ_THtAQrgnDMES-5saiRRsEAt2cCuZQb_CA1QpmcdpgqwWygTc9coa84Dj3K4G_cl64iC9U4UNkkiGDdFQdCaFUS8yE1U3GnGwZyWo6bid7QfoLh1BpRWRAZUrj5F6LWIgF3Y2DhRMBM1u6SApbsyGMPRgMrPToFbLzaT-IV43roI0giVvk-W3Q&sds=2&rev=84699&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::17 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame EA73 2 KB
1 KB 168ms
161ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame EA73 2 KB
1 KB 166ms
160ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/990511/61634094/ Frame B4E6 243 KB
73 KB 440ms
57ms Script
application/javascript 54.155.214.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/990511/61634094/skeleton.js?ias_dspID=3&ias_campId=1010147412&ias_pubId=pub-2244847655937829&ias_chanId=1&ias_placementId=19422215943&bidurl=https://www.federalpay.org/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0h6wqJv4MI7OyhIdDDq-1yr
Requested by: Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.214.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-214-228.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 226617de762d12d576f9eaba080511590ffaa876b3a48cd96b019293d415dc13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame B4E6 106 KB
37 KB 164ms
42ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 23:10:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15723
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 23:10:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/ Frame B4E6 8 KB
3 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BIqmkDFvEtlQ0azWTY3pus2KEHCvKvuuf3s7mfL-wRkly_dGJKGA9rgvzDVlFwn8zJ1dw41Wpv6AS2M0FFBoEhn1T7U-VQ1bURKDOdA2YNqVbnBzYuu09yHMS3u4HniIMw9XLPzNnu0YSQD_Kkr4vs1kec5oPVBz_HJQN00J5Xvruqg_U&dbm_d=AKAmf-Bo1gcA1zM48Pshhlv2Jr10_X--GqU8D32fymR0LahnBACQDUgS8qqLkp9_Kre4O2dM5kfjiLk22e99v6NkjWwu0nyz2mtjGdaJlQeQZstUE0FDjR1iXwta0uaSaQ-lK-YxlSQgR0PGKpCMWNeh4IqZYSyLjX9MJACzHwJl478uPaocYdBl6sH8BmOfKEV6q-GUkpuckBqqonw7G7Od9bT0suciLtqNUi94egkKKwPiwNZ0K4yrLFfbiIHbbPRZpnA-lpHpByDEpxuNK_9m1bMQ-0J1bDyJYjSRNi3w4Ap5wZmK2egJ9JAYhhSnAn7ZY3-csf4brzttJcU748b4UAJbQIPybMWoWKR3IhLCtD0CHBzALOEHPMuNJG7w-TPzLpgsjhYES5CFU_GysaLlJY9xzZXbtFEpLZQzxiKo-q-WCvgsQWrXB10TozZ0QzTXOgGP3okgbDgc8uNuXjW7tqZm7pFU7Hga-tlri9Tw4x9F8ikbIdNvfyN6sPyg2of6aysXCGHQQcCiRK1aD3WGwT6l_PO-ZelFQBD8Ydip1zbPWuhZMSTmphuhbuOTDaOYsVemAVhJ3Wo9TKAGnU3JsvQbJNrqbkPhhS02EXWafgoeT6amttE-XknGfXiJUz2xjo1RMUQw5TxPLo6sYHafPoVlX2TFncjeyvVwOnoWdqgokAlmld7Mc66cTxAGL1u50g1laAYsB4iZ_DRaNXiLdMw_12Z3HqqQgCxURvRGF_EchVSF9ysUZA3sCam1-okQ6Bz0TgISuFqu01EoK_8DUGN2_9E6IHHmszmzFZRoWpd_trzNYNGWRW246f9IurOkFJqrbzptrnL5v-QDU-53c3qi2Fa9pPV5aJUhCfd3BkVjRucHLgDPajttSggyRQxHQ_M0GiHSZQDPjcefXjVG0OeoqUr7lpND8vFDTqnR9Q526DNuelrazoHrb4cq_owOrJs3dsBetu1TiUNxgo4HYpnvt0aoM_wUzK_ZglZJ_dRcLYuXfTdIe-90OPWuAGvB00cCoZ2JAgGjeyy8Q8s_0EZJ_E6LSJhJtvMmuI_-8T3S5axEUa-jYMpDDk9RwjjRbFfVMp-OGjIbkCbGSC9kY6zHm64UpMbWrsiuBoIA_c1WnRAJrsJ9e0yhbgtrxYebaCV4Rzs7L4BtD0y0l0hVMfLLyozymb_dM1ncAvh1CeyRqmHSWxRae8DLanAGDGpZQDt9T_WdFZnHaPs9WXvO9CFXaDcFxhyD3UZx-AZZqB4vLsDk9YyEB5yDtn8PMDMixYyytT4QPHe663kNCKWeUUWjuDBiCE12tAo3X0k-EXxIvA6VwTVQXBg22jzIGpTs3bn9G51f1oDxqOvJyvxmXewo2BrwY9EBwSoabiFYoq1FYe33azEtoOPR-3i9W5FvG7Tf-Au2QY0Y9fNZ3JiCxbFkC8JxTw-m-6a3j8rzLWoJ-2-gkMPxm-vnmAb8YbrzbnYwSAtlG36_pkp1ct8mgcFiQarno6CEdIYOyVRseV0mSThdocWAnPmtec3dLDvq9_Dn7W5_209saTDjuaEthVxE_O7uFHkjJxiu4_K9TFQqyW_P3wtEsnv_rsVZO6zB8YdtB7SB7PFsY_QsKHNAl9ZU4948-uSbYvs7iYHUMpSsKeOxUGzwUZDUJR7nEBgpcU1IzlWN0YV6mo6eEJdKp22zImQVozVvJ-5JDg-M-_HlHlRX7I2Kr9QviXe31gYSZeuFKbImruN6ysiXe8YKcQJp_VG4eWX19D1zXkH4j0Sfbqe_8m9O0EUAkX5E4oRJxfDiv7wsYKOzExUZidwV-MA7l69kgBw47CM_KtvjjbgWRbAAOiheoe8kmYgC8F4LaXZVgBwt2CiLlBuPSRWeVcu0WsdQQZbBmQWxhlrTD8ZZxXYEJqQBhSts0hUeOcfL3S8GZcID4luQi8jcWSl9lS6aFo04O2DWKf22_NBhyAffgZZoSFVN--FzGphK4uSNfTUa3zbQpPD8uq2xmLRBm5j3mf1anopgn7InANk9L0WQqUrOdlyQNRghsRWcEa_zCL5ucyzIHDoknCUawgtFSZcFQZR2HAQflR3KxEHRkP0JivJyJjrQXsy-X5i3o6pXc68fcdtxfH12znwZ3wBtN_zb0c21oEffExXDWivhQ7YdrgRAe7QnAT6pvAVqwIZE5A0tU-uMxCnvwe7XkI66sdOara4QYPJM0k4Oab8SQa_AL1bOi0WoMg5k2IPAB-YejY6ZR8sA-SRksjdjayJDAgDH0-bttV5osOukeZI0zT9OYhdaAqgOmWaH0FuTPHsuOuzjQeBN8Ctrhmf5M5QK30U5s0c1PD_RxgU0NtHjDUyrhxsWP93fSC4IN9qOUKHlX6cjv6AE9zM8nHgwPJgNhLq6kTS9RduXOO_BO-gGh18fScGVn8jbb1zcTUGZg3TNIgw3Xjstmn8zeEPWLRTaPOgaZRm8NBl7DOEPpnbSTmm159iPl2yj1h47HebeucmcOsvHqaD7a-t2GBDscxFQO-Y2FvY4_T0wYe64a9fwbDjamv8iTHyjg3NJTavOFVHbt4lUgyDJL0Lc0OzSc1e9N8VpZ-StD5VRX5jOl_hN5eMrcNnojfsJEWrKu6NRWCycUFv0YQm9zHORSXwFAYunBXVNX-FyGrudKR_BFzIEvpPutQQ55vBsD5WI1Ai6p_3GchuAKjxq24nqor1Oj8cPvcTN5rk04GaSUxKl2qofmfiYv5yl0x4f6WUUi91lvkdDJLiHTXKUvHWiYwgya6kYAU38wfjqybA9BD1fxciYSz7z5viG1pKLL6crsRopmishr5C25Y1nLkfrrzgRRgEmBqJD-q8zz7LXMa8ewtUWIGcF5_1L-_hhwhmNOVtZqYqnawP-q70ykdAOoiHarDAZxgZwIjRVMhru_K5Z89WBb-DbPNnPRzLrPrMbY9_1lWPUk23kd1HK4N6SJ6REt9X_kUCn1nsfTN9o6CPs3lupESchNHP4IsBXDpHJTRp_SzYAtfRndYbjFY_wqnycxM34F2QiEeDw_jLGk7GqoDEdv-CXWshTRJO107WdDjXDwBQHfeK7u-AXKYmBOIIscj-iAHzBdOcrQgpY0LIG1Q5rLFIbeZVPB8kZnFJ953JqkM1Jsz6-MZiJfTI8ta2S0sSUeIF_lEymMlF0E5il5Ie_roQFjcMeCe7yH3shPHqEythOwO7V8uAcG0IArrNXzX9TOzPpb73c2Oju0MYXWQs6CtP1JjjcR8J3XGtCMhQy7ZFsWwXefQBTFGc7Fs-cOzxNZ9rHP6fQGz7ovKgDyUqJlPz487e3v0RE44RTa3ooQ7binhDq08L7&cid=CAQSOwDUE5ym0U_IfwgyTxRtUymbfy_WpGJ4z5hv6kCd9d_dltbXJUTw8il7fqmCJ2qve3rXFAXvIMWPTyWyGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.federalpay.org%2F&ds=l&xdt=1&iif=1&cor=8122082087239648000&adk=1726166460&idt=72&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 03:48:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85443
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 03:48:48 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame B4E6 28 KB
11 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c5d87821b8806898a69c4e8cdc26f7fc8ea4bb175006aa060ca229f4810a0af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 20:18:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26081
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10817
x-xss-protection: 0
server: cafe
etag: 7837758721724492523
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 20:18:10 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B4E6 41 KB
15 KB 48ms
43ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:20:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 12:20:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1AEC 1 KB
643 B 43ms
41ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 46174
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 14:43:17 GMT
etag: 48472445140208031
expires: Thu, 16 Feb 2023 14:43:17 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B4E6 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5865edd00ef76534c8e53a4225ed7fa42e9973104a116675522bea01a1a93f3a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 7A4A 36 KB
14 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21619
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:32:32 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DD42 22 KB
8 KB 45ms
40ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 164874
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 14 Feb 2023 05:44:57 GMT
expires: Wed, 14 Feb 2024 05:44:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1AEC
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEEYJS82gmg2uafoecG6ce3k&google_cver=1&google_push=Aa02lx_XKPE7LONADxr-vM33nGMKB-q2W32JTy8BHSqzdYhvoUKmYlUwp0sVdkeHdbxniduD_TtOMkRGabMDWP-f0a0dAexBjFFX2YNH
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C2B81DC2A85B4F49AEAF587C22DEB35B&google_push=Aa02lx_XKPE7LONADxr-vM33nGMKB-q2W32JTy8BHSqzdYhvoUKmYlUwp0sVdkeHdbxniduD_TtOMkRGabMDWP-...

170 B
188 B

76ms
75ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C2B81DC2A85B4F49AEAF587C22DEB35B&google_push=Aa02lx_XKPE7LONADxr-vM33nGMKB-q2W32JTy8BHSqzdYhvoUKmYlUwp0sVdkeHdbxniduD_TtOMkRGabMDWP-f0a0dAexBjFFX2YNH

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C2B81DC2A85B4F49AEAF587C22DEB35B&google_push=Aa02lx_XKPE7LONADxr-vM33nGMKB-q2W32JTy8BHSqzdYhvoUKmYlUwp0sVdkeHdbxniduD_TtOMkRGabMDWP-f0a0dAexBjFFX2YNH
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 15 Feb 2023 03:32:51 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1AEC
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESED6VyicbYwmPqZwctLCWJtY&google_cver=1&google_push=Aa02lx83BrAsEBmftEZRpLroJP9HgufhqdW_IOImuUnWJKnL8EPyp0qIGDHYthozo7lSMcMNVVbLPmxTMbGhJp-BHIk8qp7...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx83BrAsEBmftEZRpLroJP9HgufhqdW_IOImuUnWJKnL8EPyp0qIGDHYthozo7lSMcMNVVbLPmxTMbGhJp-BHIk8qp74kBBP_5qt&google_hm=eS1NZ1VJZ214RTJwRT...

170 B
188 B

147ms
145ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx83BrAsEBmftEZRpLroJP9HgufhqdW_IOImuUnWJKnL8EPyp0qIGDHYthozo7lSMcMNVVbLPmxTMbGhJp-BHIk8qp74kBBP_5qt&google_hm=eS1NZ1VJZ214RTJwRTBzemJtMDJ0ZzF6YnhtMXByZkNIaH5B

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=Aa02lx83BrAsEBmftEZRpLroJP9HgufhqdW_IOImuUnWJKnL8EPyp0qIGDHYthozo7lSMcMNVVbLPmxTMbGhJp-BHIk8qp74kBBP_5qt&google_hm=eS1NZ1VJZ214RTJwRTBzemJtMDJ0ZzF6YnhtMXByZkNIaH5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1AEC
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEKh_qsfEdJCaKgM7SYbh7Kg&google_cver=1&google_push=Aa02lx9W_hfW16pyFP5pAhcQC-CC6fTOiLpnoFEu90bzqfhpsVmlcWiOhcqi6wltcWC-X6mXPSwWmzCJjzq1xHUbo4v76-3...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEKh_qsfEdJCaKgM7SYbh7Kg&google_cver=1&google_push=Aa02lx9W_hfW16pyFP5pAhcQC-CC6fTOiLpnoFEu90bzqfhpsVmlcWiOhcqi6wltcWC-X6mXPSwWmzCJjzq1xHUbo4v76...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9W_hfW16pyFP5pAhcQC-CC6fTOiLpnoFEu90bzqfhpsVmlcWiOhcqi6wltcWC-X6mXPSwWmzCJjzq1xHUbo4v76-3GjFj6pXo

170 B
188 B

80ms
79ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9W_hfW16pyFP5pAhcQC-CC6fTOiLpnoFEu90bzqfhpsVmlcWiOhcqi6wltcWC-X6mXPSwWmzCJjzq1xHUbo4v76-3GjFj6pXo

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9W_hfW16pyFP5pAhcQC-CC6fTOiLpnoFEu90bzqfhpsVmlcWiOhcqi6wltcWC-X6mXPSwWmzCJjzq1xHUbo4v76-3GjFj6pXo
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1AEC
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vDqVTuD6SIqVnV5vt5ZwYg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

75ms
75ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vDqVTuD6SIqVnV5vt5ZwYg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx-cPL6yOSOWT0TGco7lD5Av2kyh1Xlt5MtZgBvyLoqgVWBSAFCSGXZg4ex_Xy-inv8DliwG8-jJAzI72i9ww0pW6tZsIijNnNEj

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vDqVTuD6SIqVnV5vt5ZwYg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx-cPL6yOSOWT0TGco7lD5Av2kyh1Xlt5MtZgBvyLoqgVWBSAFCSGXZg4ex_Xy-inv8DliwG8-jJAzI72i9ww0pW6tZsIijNnNEj
date: Thu, 16 Feb 2023 03:32:51 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1AEC
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEF34nQtsyEMm3qzqS_dgqUw&google_cver=1&google_push=Aa02lx8INwlTKH9ShtWpBEw3BEviYxFPL85Y013hEx236h-NHUtCSVTtVjtiHK1z7ymuKNzdXG4xSIk82esm...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8INwlTKH9ShtWpBEw3BEviYxFPL85Y013hEx236h-NHUtCSVTtVjtiHK1z7ymuKNzdXG4xSIk82esms624yJ78OK6_orW-cAs

170 B
188 B

159ms
158ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8INwlTKH9ShtWpBEw3BEviYxFPL85Y013hEx236h-NHUtCSVTtVjtiHK1z7ymuKNzdXG4xSIk82esms624yJ78OK6_orW-cAs

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx8INwlTKH9ShtWpBEw3BEviYxFPL85Y013hEx236h-NHUtCSVTtVjtiHK1z7ymuKNzdXG4xSIk82esms624yJ78OK6_orW-cAs
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1AEC
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMBAutadcS6Ne16fC9ImWxc&google_cver=1&google_push=Aa02lx_aOW2QcJc4E5zWonCVae1m0XxexlBMpKe_WFT_r7mvuZyo6MBGJKB_Zishqzd0i8v24hc-zScJqxdm2aASAIvwRNkYMd...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjM4ODExMDIwMTU0NTYzOTU4OTI5Mg%3D%3D&google_push=Aa02lx_aOW2QcJc4E5zWonCVae1m0XxexlBMpKe_WFT_r7mvuZyo6MBG...

170 B
188 B

142ms
141ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjM4ODExMDIwMTU0NTYzOTU4OTI5Mg%3D%3D&google_push=Aa02lx_aOW2QcJc4E5zWonCVae1m0XxexlBMpKe_WFT_r7mvuZyo6MBGJKB_Zishqzd0i8v24hc-zScJqxdm2aASAIvwRNkYMdrS9x6P

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjM4ODExMDIwMTU0NTYzOTU4OTI5Mg%3D%3D&google_push=Aa02lx_aOW2QcJc4E5zWonCVae1m0XxexlBMpKe_WFT_r7mvuZyo6MBGJKB_Zishqzd0i8v24hc-zScJqxdm2aASAIvwRNkYMdrS9x6P
date: Thu, 16 Feb 2023 03:32:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1AEC
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHDXndz5HRuurPCSFWADi1U&google_cver=1&google_push=Aa02lx-fK7Xwcf4XpSfHby7XTQgXZlKUpUHv9Apkj_ALVHVL5bEue297xcktb6yZGQ0PMoEcnJ...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEHDXndz5HRuurPCSFWADi1U&google_cver=1&google_push=Aa02lx-fK7Xwcf4XpSfHby7XTQgXZlKUpUHv9Apkj_ALVHVL5bEue297xcktb6yZGQ0PMoEcnJ...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1XakhDUUZKRTJ1RVFORXgwMXE3cTVoMW9LNHhjdHRXWn5B&google_push=Aa02lx-fK7Xwcf4XpSfHby7XTQgXZlKUpUHv9Apkj_ALVHVL5bEue297x...

170 B
188 B

79ms
76ms

Image
image/png

142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1XakhDUUZKRTJ1RVFORXgwMXE3cTVoMW9LNHhjdHRXWn5B&google_push=Aa02lx-fK7Xwcf4XpSfHby7XTQgXZlKUpUHv9Apkj_ALVHVL5bEue297xcktb6yZGQ0PMoEcnJ_ZnEKxRYR-dFrc5_-fUJhQakiGLzESXg

Requested by

Protocol

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1XakhDUUZKRTJ1RVFORXgwMXE3cTVoMW9LNHhjdHRXWn5B&google_push=Aa02lx-fK7Xwcf4XpSfHby7XTQgXZlKUpUHv9Apkj_ALVHVL5bEue297xcktb6yZGQ0PMoEcnJ_ZnEKxRYR-dFrc5_-fUJhQakiGLzESXg
date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 1AEC 0
49 B 155ms
153ms Image
text/html 142.250.180.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JhMmwhgJuyWn0fU8qZT6epPivJE6C5j8np8dN6GKobK1LyEop9jErNl99vVjUokOLPc8jSwg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s33-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 57E0 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62177bd3e51010aca8f4ded8bb282c6871700426594e12c79c0ee3416381e149

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 montserrat-400-latin.woff2
static.criteo.net/design/googlefont/montserrat/ Frame 9285 12 KB
13 KB 211ms
95ms Font
application/octet-stream 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

5f9376c77618bf0ef43bcabf8228c9e2befde3731087b944e140a88c34066873

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7e-31a4"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 montserrat-700-latin.woff2
static.criteo.net/design/googlefont/montserrat/ Frame 9285 13 KB
13 KB 211ms
96ms Font
application/octet-stream 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-700-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

28f403366c2c520bfff7d5a0883f1d53e1e87ba1c8202f3f29e6395a0b66806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:55 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7f-3230"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 57E0 0
18 B 103ms
102ms Image
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cjtrf4KPtY-ugKezhx_AP_767uAPJntKxXNWdkfdwwI23ARABIABglcKmgrAHggEXY2EtcHViLTIyNDQ4NDc2NTU5Mzc4MjnIAQmpAkuQppJW77E-qAMBqgTdAU_Q6CgSVBoaEBayVkA3BmuM6nFyqYqnHYbLfyFTLYjiT66Il3oPo8xYFGNsmFHYItuiY5TsnJCCwija7liX5qP_6QXtH2Z8NZrDliUkJNBLPoRrEbF3NlMIuoOVB4oqQiXtqkv9dNCN8HLWYEtwrv5ITgDsP86eQuWzzLsPlwH5yeKbPOEuVhKBZ8hvQqic4_JlPl9SPIZqIMZSXDJtH0YCd6-PYEA7T1P8di5uVrgeQu-MSj3asGz-6L481XMpfVCJHuMRU9xolMtAql-7rJqSqiD5m_y6zwOCN1DEgAarn6nN2qLi9SegBiGoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTIyNDQ4NDc2NTU5Mzc4MjkYAA&sigh=siz_Txo_X60&uach_m=[UACH]&cid=CAQSGwDUE5ymV1khh_3vQsggIR9W9_mZPCXqHuxw1xgB&vis=1

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 03:32:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 57E0 0
125 B 299ms
298ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kMWCFMC-MLQB9AOdg2ICAgAAAOVy1jKj0ynkEOCj7WNFg93FxAT5Rj7VDQASAAAKDkFRVUJBUVlEQVFFQkFR&wp=Y-2j4AAKUGsIEfDsAA7ff9mBcMxGT5IU4qRtlg

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 143327
content-length: 0

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 10 KB
11 KB 270ms
233ms Image
image/png 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=100&m=0&partner=915&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F771%2F160923%2F1c82ce7c2f3646fda040f07d7413b835_logo_n_horizontal.png&v=3&w=356&s=GhRJkRYvDLVdpT-eTD2IK3p1

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

38f18ef9933994ac96ca375d7ca227d371e25778bb1d54cd5f7134d4e7d66ffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29375044
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 10588
expires: Mon, 22 Jan 2024 03:16:56 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 13 KB
13 KB 288ms
252ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F12%2F12988665JM_14_F.JPG&v=3&w=800&s=QDMIJBtaPnO_swRRcAcLtJuN&b=400

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

9a1e7ebe8c7ff87a27891ed2251c2d5c6a5cd4ea40eae24298414f9a0cb73b1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 13356
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 10 KB
10 KB 269ms
233ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F16%2F16122056TG_14_F.JPG&v=3&w=800&s=ss0y-cLfL6alS33zEokqQtg-&b=400

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

d4b11f933cf386a7fe46c63ed80a5b94286c02e9ede935237054e84486110edb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 10226
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 4 KB
4 KB 293ms
257ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F12%2F12876231NH_14_F.JPG&v=3&w=800&s=dcUwJh3_BTSbHbzqCTa2M-xk&b=400

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

21ca4ab56be9cdc3b77aab85c0dac936e29f0549e12ddbf14e0c44f795bac9d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3930
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 2 KB
2 KB 292ms
257ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17279917CT_14_F.JPG&v=3&w=800&s=5V8sbZCWCOTxxRaJs3B7ZEfd&b=400

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

f43193f67f2051d001cec906ade14b52786ae8d65631df00990beb7596f5880c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1716
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 6 KB
7 KB 292ms
257ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17065126KC_14_F.JPG&v=3&w=800&s=Ryt3Wja6Dd0NWcvFlK3Nv8xu&b=400

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

807c14c68eaa25cb70ad95aa6b1d8fed9314aaad76e179950e9b2975d1aba10b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:50 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6590
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame DD42 36 KB
14 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21619
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:32:32 GMT

GET
H2 200 montserrat-400-latin.woff2
static.criteo.net/design/googlefont/montserrat/ Frame EA73 12 KB
13 KB 49ms
49ms Font
application/octet-stream 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

5f9376c77618bf0ef43bcabf8228c9e2befde3731087b944e140a88c34066873

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/montserrat/montserrat-400.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7e-31a4"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 montserrat-700-latin.woff2
static.criteo.net/design/googlefont/montserrat/ Frame EA73 13 KB
13 KB 62ms
62ms Font
application/octet-stream 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/montserrat/montserrat-700-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

28f403366c2c520bfff7d5a0883f1d53e1e87ba1c8202f3f29e6395a0b66806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/montserrat/montserrat-700.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:06:55 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391ef7f-3230"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12786026858647040320/ Frame 962D 116 KB
21 KB 124ms
41ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12786026858647040320/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96915a5f1ca808fc1076bc123ff15c4b12ae1e78df5430f7a3e47af5300e6d2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 37518
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 21281
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 17:07:33 GMT
expires: Thu, 15 Feb 2024 17:07:33 GMT
last-modified: Tue, 29 Nov 2022 11:07:01 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B4E6 0
0 388ms
96ms Fetch
image/gif 142.250.201.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuHHKM2URFWgBp69B3YEKnndslaVrD2kPs9GfV10qP2btBwMy4-sTQNrUO7H8wly_uKPtkV1W0kdZFRpMzJ6x5szuLA7h7_tnRaUFiUcEaOKcHjQp4pu7C4PSwVlPn7vaNy2R2ubElAiS4vDZ_pOYTBusWembKe45JRO84K47aMpdfZRbby1Fek_qc0TfVAbMJ0x1wEP5bzv4rJG8Y7EacP6dUsrw_nt7T-F4dvU0Zlwei_0z_ooxGDohaMbsEb__7qgsThGN33XCTLdearuy6Qiji0unVTvaIFGLRx1z5bFla5FIxlRhs3Iij-OR7kP1ddW1SdvudNCaLpmLXCc6b-7Hag-MH95HXZgUqwj_3vS-zp3KyNaPMyM4FSSRRPcJiBG9M5SC_NfzIQHZ9z1Pvfkmd5fO_ctcHVwdK_UjjhwftIPQVFC623Mdwu2tnKISM5tYML2va_T3HMXa6lUSmkqFCXmGCttSRyTyFFOvgV-LeyKliK3QFYmukxUEDf-ChiPCraMBw_ES7Q6uL9EeZs6WyHkmRuztj9aaz-_utFs75q8n2gZ5Z_rWy8GOveWkliojaeKoX41EWsObvbOK2M-TWAVVNDiepuWRZYCzADGSzCJgi7Cs-jbl8e8dSMPcOArTR8VjXIqZJY7BUXRj2VK1WCWvGmXRbnQq9GWEv7y2AQFcdUCiOqCDxT5MOX7hq4_r_SOTiHlWewk79Hfzrhjj5cODUHtl6TFnEaqRjYQzkUDPyMIv4F10Rm4ebsVuLFFMXPvmm6eHlA6ppu1ZQmzQd1LBH2vSi8zuaYaTd-Ue2aVS_orZcFCXqkidwIHLdGS-e1cOc0xjILSs75bKdlqDxjTUGn1siQh98GbcbuHNTtSGljyxuEl5FqlTFafBhKEC0lMdh5aSa5DjmuWTE8LLBy4FNU4q5ZTA4G3FpwPZUwOKjWswodepEyJIMZb_L3AjYRfqhCfoP5ShegeamefVWclZnzGYmROskjpiIeCNna847jigQms1ZFZKzErGn48IO9eAWt8_VEp_Iv1H2hKQkuExHRdc_Y65b-c9WzFY-Nrs_l4vptTYIQUEldgal1lqheuFeTYagwITahW510zVg-oGBsHp1_oz4kPPcuAZ2wgpkvbcVwZjlcDD9HQwqsKG_LxERyN2obd7Jee8hG9Ejzt_XdmQv-wDZ9LChjE2nIxpv2sNheHv8aZUElZLRptreBVvu52uSA2qs-FuCVhJtS7UteAvwLVF-CdgP9SwZuSjqJ8bz1n3NYZ1B07AqoJoE1mRGA1A1ZUkNQ-e_YHcrCfYTrP4Azh50FIg&sai=AMfl-YQrAT9IakXQ7qHk0fxE6N98U9pE_omFtUd5-UoOFAR-Ga7jz0ImpmmWzx_kgjWFO8LLozE7euWXN8n_LcvVhu27LUUcFuOjhmEqPJtNFCSoNMe4liODyzs8Nt_EJaXzoz7-xE2lMkFB61HgFYB4Amwpn29FFW1UKj-drf7W-597umLd-4mSgRdJMmmL32_W2HjH7AGdKW1TlXnkr07U-HUwDlb4_KDjYqs2uRt1QoprFUCw-d7y2KYky5lFD5EN9uQG&sig=Cg0ArKJSzGAxhJLP8lUkEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=444&cbvp=1&cstd=441&cisv=r20230213.55431&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.201.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 03:32:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Feb 2023 03:32:52 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DD42 0
20 B 78ms
75ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BxLzg46PtY93OCOyOjuwP7vmtuAMAAAAAOAHgBAI&bg=!srGlseXNAAYuhb89DoU7ADkAdvg8WuoDIG1I6D8imIdpIKk6SeB7WqJLiypP7NtJK3d3kAF7mHaAf0HwIsOyimLHYAyZED3pRVACAAAAcFIAAAACaAEHmQMdngYzhEF-yHH93LxFKdBGotf_ZX9LejAYdpuciAZjABHNDqmKR_lOQFZ5Tjjry8ktmlfKmbgk8vajRAF6wtmVs5TmRIC7GviZR67cXJD2132ysrWctExDxWMug23O2ALaVbTkWconuXHe7o9lOLVQNJ-djdcQgtqVQmFaGmflkAzoGCuFILdkckS9I4ELWuk8n5TuQF_z6Gr4rPwbteilV5Zj_RrKGwhut7Nz4FA6R-o50Gsa3KGSu2D-EWzgRMyMawBcnGoCSbTgRp6qVW7L9ii2BXp7mVHqb_moW2zKeAXkzQuyYQ0ePpU5xuwpMi_RgcFlLVLiT1Pt5iEvUuVlGKh0dUESQbjkq80ZcwD6pzZxJv6HxMpv_OW0_AzU0k_0X_hEkZ8vqUX8vqCfLhanSTmmSDIuWSe_ys6Hs542ZrcpD2CHtysosJ0FqpV7li0OipUgas_zwZX8xsU70HUEDP6nUphVeUfn3XewuNAH80QJJLLj9j_Oj--EIH_ItIoX0SlLCBNuHWrHSsljDV5_1-5L5_IYjMaoMuobne5e7_Ug_5s0BKrgsX1YMttOsHZVxOUm_OCnRsEf5a6wlhNJupyJiU76hBlZDxf9-MPPGE6cAHxkvP1B3zy_28TX1DFL1SJbcq02zHXP8piTPddpinJOOQpaneFu_x5dMJu_EZNCs-oTLJ_X2L0qPY3-pKW8vYOoVDD_8A2YsbYSnG3-KzVO6MZu0DDY-bhU419UFsWTcmE1N3d9r9zEa6YK7I35dhIW1TKpapHWPUrbBJZwzYLbdKA42A9NEEL5ejRZryZzO-MeARBzncZOBTL8e2n2TZ8xzWswrhlo6wofdQ5Uellv2BtBWlgG40Wzsw9eAmxiDIz4VzYCRjf6K2gO9QgMqExYhbNFqCyk5YUFo4yhUM4zDDSUEjAhwQOlElHPfp_jOCvkMxkAG6v-DNuL3rT6zxm5tqUCDNujHQgofxL4ZDhtgce6HSJ6BJqrM3ciGd1zQngqSVl_mwYAyjfDVE4T0CWFU4IW-W8O8G4NM1uEmBMe6rpuM_aEiomXlq8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 10 KB
11 KB 53ms
51ms Image
image/png 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

38f18ef9933994ac96ca375d7ca227d371e25778bb1d54cd5f7134d4e7d66ffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29375044
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 10588
expires: Mon, 22 Jan 2024 03:16:56 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 10 KB
10 KB 63ms
60ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F16%2F16122056TG_14_F.JPG&v=3&w=800&s=ss0y-cLfL6alS33zEokqQtg-&b=400

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

d4b11f933cf386a7fe46c63ed80a5b94286c02e9ede935237054e84486110edb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 10226
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 13 KB
13 KB 58ms
56ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F12%2F12988665JM_14_F.JPG&v=3&w=800&s=QDMIJBtaPnO_swRRcAcLtJuN&b=400

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

9a1e7ebe8c7ff87a27891ed2251c2d5c6a5cd4ea40eae24298414f9a0cb73b1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 13356
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 4 KB
4 KB 54ms
53ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F12%2F12876231NH_14_F.JPG&v=3&w=800&s=dcUwJh3_BTSbHbzqCTa2M-xk&b=400

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

21ca4ab56be9cdc3b77aab85c0dac936e29f0549e12ddbf14e0c44f795bac9d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3930
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 2 KB
2 KB 50ms
49ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17279917CT_14_F.JPG&v=3&w=800&s=5V8sbZCWCOTxxRaJs3B7ZEfd&b=400

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

f43193f67f2051d001cec906ade14b52786ae8d65631df00990beb7596f5880c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1716
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9285 6 KB
7 KB 69ms
67ms Image
image/webp 2a02:2638::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=915&q=80&r=0&u=https%3A%2F%2Fcdn.yoox.biz%2F17%2F17065126KC_14_F.JPG&v=3&w=800&s=Ryt3Wja6Dd0NWcvFlK3Nv8xu&b=400

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

807c14c68eaa25cb70ad95aa6b1d8fed9314aaad76e179950e9b2975d1aba10b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:51 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6590
expires: Sun, 11 Feb 2024 03:32:51 GMT

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame B4E6
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/990511/61634094/4.js?ias_dspID=3&ias_campId=1010147412&ias_pubId=pub-2244847655937829&ias_chanId=1&ias_placementId=19422215943&bidurl=https://www.federalpay.or...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

162ms
60ms

Script
application/javascript

2600:9000:214f:ca00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16
Protocol: H2
Server: 2600:9000:214f:ca00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 22:03:47 GMT
x-amz-version-id: 8PMvHteRKvRPEFRUMcMvH4DtKr0E3g29
content-encoding: gzip
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 538146
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 09 Feb 2023 22:03:44 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: MjsnNtFIezAOcQ5Zpq3YI37DOPQZglZBrHG0wzlhCxp86za_79hGFg==

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
server: nginx
x-server-name: app06.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 5654 91 KB
23 KB 208ms
55ms Script
application/javascript 2600:9000:214f:ca00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ca00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 12743796
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: iQEcvWtJ2HRO78Ycoso3CaXus6SEc_GTsqY7koC7bPl9tz25vxj5kQ==

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 962D 29 KB
10 KB 46ms
42ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786026858647040320/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786026858647040320/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 10:51:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60089
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 10:51:22 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B4E6 43 B
215 B 617ms
120ms Image
image/gif 2600:1f18:1aca:4280:fb94:9156:e761:3b9e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ce9b26c8-d2a7-8b41-e0f4-ab439a7dd90c&tv=%7Bc:4lPLyn,pingTime:-3,time:62,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:21%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:63,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:sp,cc:0.0.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B57~0%5D,as:%5B57~320.50%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tvZGewN+11%7C12%7C13%7C141%7C151%7C152%7C161*.990511-61634094%7C1611%7C1612%7C1613%7C1614%7C1711%7C1712%7C181%7C191%7C1a1,idMap:161*,rmeas:1,rend:0,renddet:DIV,siq:23%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:fb94:9156:e761:3b9e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:52 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B4E6 43 B
215 B 618ms
121ms Image
image/gif 2600:1f18:1aca:4280:fb94:9156:e761:3b9e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ce9b26c8-d2a7-8b41-e0f4-ab439a7dd90c&tv=%7Bc:4lPLyp,pingTime:-6,time:64,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:64,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:sp,cc:0.0.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B58~0%5D,as:%5B58~320.50%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tvZGewN+11%7C12%7C13%7C141%7C151%7C152%7C161*.990511-61634094%7C1611%7C1612%7C1613%7C1614%7C1711%7C1712%7C181%7C191%7C1a1,idMap:161*,rmeas:1,rend:0,renddet:DIV,siq:23%7D&tpiLookup=ao:www.federalpay.org*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:fb94:9156:e761:3b9e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:52 GMT
server: nginx
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B148 42 B
64 B 82ms
79ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv-QCCa9ZiMTgASpJX1BLUf_jwB3ztVKlUhl3I4AuKbGLX-YpJKHvbNVHD2xr-EEj_EKLOUNzBUzYUv_DGdK9IpfeS_hJcxTIVq5-gkdzc_nIJA0Hi91ejwShkhIX4DT-fbrZqu8C06swriV81B5_Wza48MrL7EMN4dypov_2YYAF1KmzNPBQxsffTaMWznefYLJ1OtKROw-xHW08Sh1xbORGdTZJKLao5Tgl8dNKLzZuIPZiH_oAdwnTnMHPjAlJ9RcTxlYgwMCLC4qZsnrmPyIEUDOZ1SCoNLLc6k3BH_pm6qy6-rEeCxUp6EL4UZCrY6wQXP5TnTgZoD0Ovb-nxTo48N4hbXm5p3pCabkD50UJ7OoN_zPFZY1aR6zMbUkD_ytixO6_3WEWlTq4ecOpO2GbnXNI5Ui2fVc54b-ZrsQMUtcR6qosQwsjyhICydKi08sfvKz4Z8KDPztIhc3VtVOaQujGgftu-rCwJKAxF7qhD29HE_VIj0GI21CMkx1jC-qvK1ax5Tbuk467ccdPkLkazTlI6sgMBiXU612Z9-NMZ8eJ8L-XP6ptpx6LDOwO2C07Ajcqtwwkl6DTUm37b11pByXiWogIoVpzMVzATvChg9wzmnwHwi3yvzfWTECK9mE4kWHE1TTcVGovgqy4lCjgVUweZOdLo0uAAZH__A4rmjVl6MYxHzVI-EshvLOj4Dhvp1kY_O6OjXnUTBxM65NgBxCKezr-QwPusDuyVMR5VJpGcQWMubGhCHvnmzMC67-oYkUB4maqieNn2AidBxW_3fFxahBi1FW2srEs_bystsXKJaFX8rW22VJ8PscoLTsn9eyBNTAHQxCvaiLZ7DFCYymRxeMLZ3Ss_fa39Z5XR8us7UGDheteGwFdhraoDGpnw_axS1ZDmyBo5bFhprNzJM-DHwxGgUUIKW9nwr8tqC3p_zjXLLLRVkETV_mIcWyvwgT8imfjyVOIidUdR0aqBqRYGfqGxeEH5nNS0E1edRh2mROitaItk3iA&sai=AMfl-YQ2ttE1U_k9IQ6w1KykAoEmLMpJ6wJVzpFp18CkJtvneGtvFDrmTnI_zJKsqvu1Othq28zofCSBR6IZKxg3EvV4A-PuXXm3yw&sig=Cg0ArKJSzHnKWUmXP0W0EAE&cid=CAQSGwDUE5ymV1khh_3vQsggIR9W9_mZPCXqHuxw1xgB&id=lidar2&mcvt=1025&p=0,0,500,180&mtos=1025,1025,1025,1025,1025&tos=1025,0,0,0,0&v=20230215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676518370525&rpt=318&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B4E6 43 B
215 B 615ms
120ms Image
image/gif 2600:1f18:1aca:4280:fb94:9156:e761:3b9e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ce9b26c8-d2a7-8b41-e0f4-ab439a7dd90c&tv=%7Bc:4lPLyC,pingTime:-2,time:77,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:933,beZ:935,mfA:936,cmA:937,inA:938,inZ:942,prA:942,prZ:949,si:956,poA:957,poZ:980,cmZ:980,mfZ:980,loA:997,loZ:1000,ltA:1010,ltZ:1010%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:320.50,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:320,h:50,t:21%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:77,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.320.50,am:sp,cc:0.0.320.50,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B71~0%5D,as:%5B71~320.50%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tvZGewN+11%7C12%7C13%7C141%7C151%7C152%7C161*.990511-61634094%7C1611%7C1612%7C1613%7C1614%7C1711%7C1712%7C181%7C191%7C1a1,idMap:161*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:DIV,siq:23,sinceFw:52,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:fb94:9156:e761:3b9e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:52 GMT
server: nginx
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B4E6 0
0 125ms
87ms Fetch
image/gif 142.250.201.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuHHKM2URFWgBp69B3YEKnndslaVrD2kPs9GfV10qP2btBwMy4-sTQNrUO7H8wly_uKPtkV1W0kdZFRpMzJ6x5szuLA7h7_tnRaUFiUcEaOKcHjQp4pu7C4PSwVlPn7vaNy2R2ubElAiS4vDZ_pOYTBusWembKe45JRO84K47aMpdfZRbby1Fek_qc0TfVAbMJ0x1wEP5bzv4rJG8Y7EacP6dUsrw_nt7T-F4dvU0Zlwei_0z_ooxGDohaMbsEb__7qgsThGN33XCTLdearuy6Qiji0unVTvaIFGLRx1z5bFla5FIxlRhs3Iij-OR7kP1ddW1SdvudNCaLpmLXCc6b-7Hag-MH95HXZgUqwj_3vS-zp3KyNaPMyM4FSSRRPcJiBG9M5SC_NfzIQHZ9z1Pvfkmd5fO_ctcHVwdK_UjjhwftIPQVFC623Mdwu2tnKISM5tYML2va_T3HMXa6lUSmkqFCXmGCttSRyTyFFOvgV-LeyKliK3QFYmukxUEDf-ChiPCraMBw_ES7Q6uL9EeZs6WyHkmRuztj9aaz-_utFs75q8n2gZ5Z_rWy8GOveWkliojaeKoX41EWsObvbOK2M-TWAVVNDiepuWRZYCzADGSzCJgi7Cs-jbl8e8dSMPcOArTR8VjXIqZJY7BUXRj2VK1WCWvGmXRbnQq9GWEv7y2AQFcdUCiOqCDxT5MOX7hq4_r_SOTiHlWewk79Hfzrhjj5cODUHtl6TFnEaqRjYQzkUDPyMIv4F10Rm4ebsVuLFFMXPvmm6eHlA6ppu1ZQmzQd1LBH2vSi8zuaYaTd-Ue2aVS_orZcFCXqkidwIHLdGS-e1cOc0xjILSs75bKdlqDxjTUGn1siQh98GbcbuHNTtSGljyxuEl5FqlTFafBhKEC0lMdh5aSa5DjmuWTE8LLBy4FNU4q5ZTA4G3FpwPZUwOKjWswodepEyJIMZb_L3AjYRfqhCfoP5ShegeamefVWclZnzGYmROskjpiIeCNna847jigQms1ZFZKzErGn48IO9eAWt8_VEp_Iv1H2hKQkuExHRdc_Y65b-c9WzFY-Nrs_l4vptTYIQUEldgal1lqheuFeTYagwITahW510zVg-oGBsHp1_oz4kPPcuAZ2wgpkvbcVwZjlcDD9HQwqsKG_LxERyN2obd7Jee8hG9Ejzt_XdmQv-wDZ9LChjE2nIxpv2sNheHv8aZUElZLRptreBVvu52uSA2qs-FuCVhJtS7UteAvwLVF-CdgP9SwZuSjqJ8bz1n3NYZ1B07AqoJoE1mRGA1A1ZUkNQ-e_YHcrCfYTrP4Azh50FIg&sai=AMfl-YQrAT9IakXQ7qHk0fxE6N98U9pE_omFtUd5-UoOFAR-Ga7jz0ImpmmWzx_kgjWFO8LLozE7euWXN8n_LcvVhu27LUUcFuOjhmEqPJtNFCSoNMe4liODyzs8Nt_EJaXzoz7-xE2lMkFB61HgFYB4Amwpn29FFW1UKj-drf7W-597umLd-4mSgRdJMmmL32_W2HjH7AGdKW1TlXnkr07U-HUwDlb4_KDjYqs2uRt1QoprFUCw-d7y2KYky5lFD5EN9uQG&sig=Cg0ArKJSzGAxhJLP8lUkEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=699&vt=11&dtpt=255&dett=3&cstd=441&cisv=r20230213.55431&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.201.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Feb 2023 03:32:52 GMT

GET
H3 200 TUI_smile.svg
s0.2mdn.net/creatives/assets/3060934/ Frame 962D 1 KB
631 B 47ms
44ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/3060934/TUI_smile.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39ad42648baede16996541d1293446e9b2a0df02bb5305b6e5131255872b37ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786026858647040320/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:27:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 310
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 603
x-xss-protection: 0
last-modified: Tue, 27 Nov 2018 13:48:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 03:42:42 GMT

GET
H3 200 cta_deals.svg
s0.2mdn.net/creatives/assets/4722971/ Frame 962D 5 KB
2 KB 54ms
50ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4722971/cta_deals.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da933ef53458927e254187e40711b33abc36dafd95218f913db426cf3e676e20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786026858647040320/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:26:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1864
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 07:45:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 03:41:55 GMT

GET
H3 200 logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 962D 3 KB
1 KB 104ms
101ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786026858647040320/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:20:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 745
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1288
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:24:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 03:35:27 GMT

GET
H3 200 300x250_40_prozent.svg
s0.2mdn.net/creatives/assets/4722971/ Frame 962D 10 KB
3 KB 48ms
45ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4722971/300x250_40_prozent.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

598a26c3e45c18d7c30ed10d4dcec143cc96f3b86873dd7956f3b928addb4808

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786026858647040320/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:24:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 516
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2911
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 09:31:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 03:39:16 GMT

GET
H3 200 300x250_head_2.svg
s0.2mdn.net/creatives/assets/4722971/ Frame 962D 3 KB
1 KB 47ms
44ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4722971/300x250_head_2.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ffd0d7eda36b8e9cca9c1a9e78d196dde0c1e1804e1bd58072f7449d521c3fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786026858647040320/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:29:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 204
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1326
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 09:31:46 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 03:44:28 GMT

GET
H3 200 300x250_head_1.svg
s0.2mdn.net/creatives/assets/4722971/ Frame 962D 5 KB
2 KB 105ms
102ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4722971/300x250_head_1.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

505f3bfd3582a6fd8bf79ffc45ca2fbcd03ea35c54d42c7405fe757cb85e9549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786026858647040320/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:29:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2030
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 09:31:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 03:44:50 GMT

GET
H3 200 mob_320x50_kv.jpg
s0.2mdn.net/creatives/assets/4722971/ Frame 962D 20 KB
20 KB 106ms
103ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4722971/mob_320x50_kv.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29578a238737a2f109e6ceea51d70a3bacc34064dbc76e859ad3c6e5db915dd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786026858647040320/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:28:09 GMT
x-content-type-options: nosniff
age: 283
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20100
x-xss-protection: 0
last-modified: Tue, 29 Nov 2022 09:56:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Feb 2023 03:43:09 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4D4E 42 B
64 B 84ms
78ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssOfG0z21_ituvLUIHZE8JV8ujH7cyWijVrJd6iqEZ-I8OWllERZ3Xl8dgtK1_8OIK3t-PXQcZtVVc1p_hV4NOzNZRf7asXtIc-diNp9GH6pB5GoD3TC7aUy1EuraIddXALypAONw&sai=AMfl-YSLrvjU7pqjmiSBms-sLc9lc0bRTfnQ8fzK189kcZSbRaUMgTKhkABSAqAJ8_yJU6DJnP_ENvrxUpmk&sig=Cg0ArKJSzAhlKu6IZLKAEAE&cid=CAQSGwDUE5ymV1khh_3vQsggIR9W9_mZPCXqHuxw1xgB&id=lidar2&mcvt=1002&p=0,0,124,1005&mtos=288,958,1002,1002,1002&tos=288,670,44,0,0&v=20230215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676518370531&rpt=572&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B4E6 0
26 B 205ms
90ms Ping
image/gif 142.250.201.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssndSBwdnMOx_tH61irvEkE5kcpP3pQ3k3pf-uU57X7oqaRbWa9jokgdN_a81vAwZsU6Ti_s8NwKouWjLM0bD4co4xme5u3u5KAgfp-hW_BTV8RlSco9_9dgf9YDTa97hy7a2CiFOTExmtjpF1axwEtTttUgnQptM28u9D_fQ&sai=AMfl-YTVFjIjc1QPjbWWNvPhSvb_1BrrWrxdYaWRBcpednpsVeRZykw3d9qhkOs0_mjbungO-Kgxlsu2Q2UMgcxzeR5onNhi28kLqRQeQY09bL0s9thrijK7xwg-hasCxA&sig=Cg0ArKJSzFJJtcgUFz6MEAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.201.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 passback_320x50.js Show response
static.adsafeprotected.com/ Frame CEE4 3 KB
2 KB 40ms
40ms Script
application/javascript 2600:9000:214f:ca00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/passback_320x50.js
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ca00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42ead8cc1210f1220cae1f70e354f4d259a3c9d03840ff835164ca6b88d5b67e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 11 Feb 2023 18:00:29 GMT
x-amz-version-id: OqGNRLqe8PfZhkfzN_UrBUWLOfWw_KEh
content-encoding: gzip
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 379944
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Feb 2022 23:29:45 GMT
server: AmazonS3
etag: W/"aa53aba862f14fb5c1675b2887e7a083"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: H1ahNuX9Pm6B0cT0RYrrR_uVcqm10kr_OIC-pgdupk0s96UdgPiWnQ==

GET
H2 200 IAS_PassbackAds_320x50.png
static.adsafeprotected.com/ Frame CEE4 4 KB
4 KB 46ms
45ms Image
image/png 2600:9000:214f:ca00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/IAS_PassbackAds_320x50.png
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ca00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7f2c1e6c435859c72a29e9ef74e1c1b263dd8277521e6d5820204cc806adf661

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 12 Feb 2023 01:14:20 GMT
x-amz-version-id: _G4Ds6azo55r1BbSN3OW63JDFhqwSJRZ
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 353913
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 3772
last-modified: Fri, 18 Feb 2022 23:29:06 GMT
server: AmazonS3
etag: "7e6023f5e5568cc0026af9a88738418e"
content-type: image/png
cache-control: max-age=604800
accept-ranges: bytes
x-amz-cf-id: g-rjl8wLVvhC_5GVqFP56DGp7MQZ9qDDAQCPOdSNtGyxZ20wZkD2kw==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B4E6 43 B
216 B 122ms
118ms Image
image/gif 2600:1f18:1aca:4280:fb94:9156:e761:3b9e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ce9b26c8-d2a7-8b41-e0f4-ab439a7dd90c&tv=%7Bc:4lPLGv,pingTime:-10,time:567,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTEwLjAuNTQ4MS4xMDAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1676518372415%7C%7Cce41a3348f223e3a20c1ab42b86eae80%7C%7C41c5992836ce3b548d2ab9f4e4ccb0b4%7C%7C5527cd1db72471fddf7c10b830eff4d2%7C%7Ca61743bb0dbc1705f46d07b8723437cd%7C%7Cb7182d34dd6f9516f57889301c0faf0d%7C%7C0757cb699e22d33381d64140dcca643e%7C%7C5d11fa4e7b92e7515a01328511526350%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=50&adk=2997668557&adf=860136868&pi=t.aa~a.3239500717~rp.4&w=351&fwrn=4&fwrnh=100&lmt=1676518370&rafmt=1&to=qs&pwprc=9502040090&format=351x50&url=https%3A%2F%2Fwww.federalpay.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676518370414&bpp=1&bdt=2910&idt=1&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D7f8ca04c350b8f1a-2281f21094dc00e6%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w&gpic=UID%3D00000bb749611ba5%3AT%3D1676518368%3ART%3D1676518368%3AS%3DALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A&prev_fmts=0x0%2C351x280%2C160x240&nras=3&correlator=865048011137&frm=20&pv=1&ga_vid=281542447.1676518368&ga_sid=1676518369&ga_hid=854849690&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=986&ady=1353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427&oid=2&psts=AD37Y7ve5BndYSM0u1LRH44PuWo6-1ga_gi6kXZhd3ArXGHMOWQJTXMZlZAPxbvBRI32zXYIfDfVv6YY-ncoVdM&pvsid=1868356005816880&tmod=1344490217&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=DDNizXr60w&p=https%3A//www.federalpay.org&dtd=16
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:fb94:9156:e761:3b9e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:52 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H2 204 collect Show response
n.clarity.ms/ 0
48 B 127ms
126ms XHR
text/plain 52.184.204.244
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://n.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-f/s/0.7.2/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.federalpay.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-origin: https://www.federalpay.org
date: Thu, 16 Feb 2023 03:32:52 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

POST
H2 200 all
csm.eu.criteo.net/ Frame 9285 0
127 B 42ms
41ms Ping
text/plain 2a02:2638:1::17
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::17 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Feb 2023 03:32:52 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 57E0 42 B
64 B 75ms
75ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvmeBbPOIyCIj5uQo3h3Pje9-RFjx1k40WemDmlZZtEcGJ7PXgrSRj3HH11-rz1vJ5P9mDLuM_owhOCmRvUEvYy4j8&sig=Cg0ArKJSzInokW5dQfTuEAE&id=lidar2&mcvt=1000&p=0,0,500,180&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676518370528&rpt=431&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=4BDDD2BA333B4A82AC410B765ED80611&RedC=c.clarity.ms&MXFR=2C5BB4D42E1D626B02F4A66E2A1D6C89
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4BDDD2BA333B4A82AC410B765ED80611&MUID=22A41CA9C25E610207EE0E13C3D560D4

42 B
465 B

225ms
225ms

Image
image/gif

20.205.115.81
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4BDDD2BA333B4A82AC410B765ED80611&MUID=22A41CA9C25E610207EE0E13C3D560D4
Protocol: H2
Server: 20.205.115.81 Central, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:53 GMT
last-modified: Mon, 30 Jan 2023 17:35:34 GMT
server: Microsoft-IIS/10.0
etag: "e0c74342d134d91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A78F6612872749A6AE722C09E38121F8 Ref B: FRA31EDGE0522 Ref C: 2023-02-16T03:32:53Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4BDDD2BA333B4A82AC410B765ED80611&MUID=22A41CA9C25E610207EE0E13C3D560D4
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 like.php Show response
web.facebook.com/v3.3/plugins/ Frame 0795 0
2 KB 190ms
65ms Document
text/html 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://web.facebook.com/v3.3/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df22c718fd52c8e4%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff11f94f8187ccf%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.facebook.com%2Ffederalpay&layout=box_count&locale=en_US&sdk=joey&share=false&show_faces=true&size=large&width=

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=8b61f7a5f7be3039a20458ae0a740e97

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html;charset=utf-8
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Feb 2023 03:32:53 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/web.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/web.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options: nosniff
x-fb-debug: 4Ad4Nvj9VuutXPO0O7vKUSNU0zur5ZTaLNr23PBZbkbJjIlxqHX+Giq16t8vFifBurL5evelw0WrgKn5mJb8Ew==
x-xss-protection: 0

GET
H2

200

share_button.php Show response
www.facebook.com/v3.3/plugins/ Frame E153
Redirect Chain

https://web.facebook.com/v3.3/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19a3af271f5e8%26domain%3Dwww.federalp...
https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19a3af271f5e8%26domain%3Dwww.federalpa...

41 KB
14 KB

435ms
102ms

Document
text/html

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19a3af271f5e8%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff11f94f8187ccf%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2F&layout=box_count&locale=en_US&sdk=joey&size=large&_rdc=1&_rdr

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=8b61f7a5f7be3039a20458ae0a740e97

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

023228f27f100a74f002b20b3d0e20579de9def24d1d5dcb6ae87893fa068483

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:53 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v9.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: jLxdgbMQ6MNoQfblii18lCNIrJcBiUY73zUrPig1UZ+iQebuEM37Di+MNcfiwx4GfFzV3EqeXgyz5oG5O1u2hg==
x-fb-rlafr: 0
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Thu, 16 Feb 2023 03:32:53 GMT
location: https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19a3af271f5e8%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff11f94f8187ccf%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2F&layout=box_count&locale=en_US&sdk=joey&size=large&_rdc=1&_rdr
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: rS4MyXBrV6ITxYKgkq+LwS3uFV5SpO1iRUtEhu5etwUywqINuXejr9illSJT7gZMLUAinbU3w3h2RnERcA85Ew==
x-fb-zr-redirect: 02|1676604773|

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 127ms
127ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230213&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71eebfa47ce539290e05a9f76d308e1869e71db7c996fab60654db9a757974f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11301
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 03:32:53 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 25C7 13 KB
5 KB 41ms
39ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 20626
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 21:49:07 GMT
expires: Thu, 15 Feb 2024 21:49:07 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 872C 783 B
533 B 51ms
51ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e4f0b157559246d1846ec70903c257f53a00501672099f870e69cc8e6988fce5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Li0DPQY1dYuxrAJurC1oQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-Li0DPQY1dYuxrAJurC1oQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 03:32:53 GMT
expires: Thu, 16 Feb 2023 03:32:53 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 872C 0
0 77ms
76ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230213&jk=1868356005816880&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 25C7 36 KB
14 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21621
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:32:32 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 25C7 0
10 B 40ms
40ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?9EHWcg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:53 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 ruxaZoupmFj.png
static.xx.fbcdn.net/rsrc.php/v3/y8/r/ Frame E153 323 B
762 B 134ms
39ms Image
image/png 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/ruxaZoupmFj.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df19a3af271f5e8%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff11f94f8187ccf%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2F&layout=box_count&locale=en_US&sdk=joey&size=large&_rdc=1&_rdr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

092cb8a7c234247243577529fa46f11c66216fb8c2b91a9e12d6bda73b739ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:53 GMT
x-content-type-options: nosniff
content-md5: mEtfkiuN8zERyZQcBN9jeg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 323
x-fb-rlafr: 0
x-fb-debug: 7gZBAotcU4Js/RC4K5jJMO02t3UQOpJjf96FbgEr/JPbSVCqL1pNlFHouHpi2DsR8XVD/HcuaVrPZ2qKLLfzRg==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 09 Feb 2024 01:23:36 GMT

GET
H2 200 FszrneGmiNe.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yW/l/en_US/ Frame E153 526 KB
135 KB 136ms
45ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yW/l/en_US/FszrneGmiNe.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

643e58f21182c33a40fd23a30d705469f2ebc2478528f79647c0d440b86e86e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:32:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: qX8SIRWZkMYTEvp47LQ47Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 138360
x-fb-rlafr: 0
x-fb-debug: bVH6yx4wsPd4CYivIP509Vcnd1JU8lHNeTCK1tfWRwRJbxqirsciwIqaGGBU65+wGFs4YYME61NtphK3X8g73w==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 15 Feb 2024 22:36:24 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 77ms
76ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230213&jk=1868356005816880&bg=!kJOlk8fNAAYuhb89DoU7ADkAdvg8WnI3mnoDFyJTnUw2QpeH417WNpYX4l6ABmO4PZ1rPSjf2dAneXp7U_ea3e20Upx9vBkqJdgCAAAAYlIAAAADaAEHmQLJ0ImWwIcuda8cH7T2n_6lr-l6kB2oxbj99pAsM8l7gxoIymj2o35xVFsxmGYxriOY_ZkyXYDQOqq-Tr8ldGJNlYmaW4P3GyFdbpm4hhO8fumPB1zKDFFG_XxnUnfI3IxJT3Bd2256BsDA9RyI9q-KKVPR81SGIeUhvyAUwT43LtiNGogK7Ic80lwWMMpAk9gH8QcPNeKbxne89iQIT2lawzCRYQ8Bd4Ng5vXzXDph_nTBDqOwRux-cgHgNUXIMqrZko0CN9wbYRArDKccggFFsUJv9QUUcfIjTmSrExEF9Fl62ynaGotsNlujZruFg3nYUSedRBcf5bTn0JU2073GMokZRQYVtFpQcSTa74AuAeSfSR3yiVZcKLzFxQypQ02MmJxe7litqvwL5kIfYZJGjWBYpprHRvoG_BBlNh4gNCuTUY9iSjwDACLMUoxugGXXXxKCAm62059I2HxfJgIsOnShT_oBYN3bHp_If6r69_8BZnRNrh8WRbessFumgt8Ew0Gx8wC7yDmq7zB0fiP-1LxjkRYaxdLlirGxiaGJkInZYh-xIII0GU-sKV8oQsYVCPlZL79l_-CfwxbXN6kKd4sbJHfO6F1q3wYVxSwsLsIHVWUewfWl4-lvKkFF_Gt-B7OxtlNYBBcOZCuTXsLNr5tUWw3j9mhT-91zClzBw1YFhinpDhtv5SQjFboYnku_3fHG7rrnnGenvAolcAPmTil-o9HUynhgGJhlzREb-gpHJcH8_Ry-XF3CpTujvbnNrMZ8QD8lhFNh9Pr1JYQql7cqrwsDg-nr_vUv7VFmi-J_vtaxzVG4cN3jiUQxNK7fNbySxDQUl7RpexvypguZJ35EU8b8ZQZoZOPOgWUOyW44BffoBD-adpKjvPd4KwE8esHHzQpN714pObspCvWuamc4-Ex4tZ6na1aQkGF-xGl_u3fls5zWig8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B4E6 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7747075914711&version=m202301230201&ct=76&x=1&cor=8122082087239648000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 47ms
47ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-69P9YCZJQH&gtm=45je32f0&_p=854849690&cid=281542447.1676518368&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1676518368&sct=1&seg=0&dl=https%3A%2F%2Fwww.federalpay.org%2F&dt=FederalPay.org%20-%20The%20Civil%20Employee%27s%20Resource&en=Clarity&_ee=1&ep.eventCategory=Clarity&ep.eventAction=u8t93j&ep.nonInteraction=true&ep.claritydimension=https%3A%2F%2Fclarity.microsoft.com%2Fga%2Fc5hu6eqo5c%2F1mjpd8h%2Fu8t93j&_et=862
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-69P9YCZJQH&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.federalpay.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 76ms
75ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_inf_scr&r=s&pg_h=2114&su=www.federalpay.org&d=5000&pvc=1868356005816880&eid=44759875%2C44759926%2C44759837%2C42531706%2C31071755%2C31072427

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 03:32:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
n.clarity.ms/ 0
48 B 129ms
128ms XHR
text/plain 52.184.204.244
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://n.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-f/s/0.7.2/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.federalpay.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-origin: https://www.federalpay.org
date: Thu, 16 Feb 2023 03:32:55 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

POST
H2 200 all
csm.eu.criteo.net/ Frame EA73 0
127 B 54ms
36ms Ping
text/plain 2a02:2638:1::17
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::17 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 16 Feb 2023 03:32:57 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

Verdicts & Comments Add Verdict or Comment

216 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.federalpay.org/	1970-01-20 09:42:05	Name: fp_federalpay_csrf Value: ce20f6f1de28e6707aaca524502e59fe
.federalpay.org/	1970-01-20 09:43:24	Name: _gid Value: GA1.2.1858894864.1676518368
.federalpay.org/	1970-01-20 09:41:58	Name: _gat Value: 1
www.clarity.ms/	1970-01-20 18:27:34	Name: CLID Value: f31f44fec2d9440ca415f21290d28fcd.20230216.20240216
.federalpay.org/	1970-01-20 19:17:58	Name: _ga Value: GA1.1.281542447.1676518368
.federalpay.org/	1970-01-20 18:27:34	Name: _clck Value: 1mjpd8h\|1\|f96\|0
.federalpay.org/	1970-01-20 19:03:34	Name: __gads Value: ID=7f8ca04c350b8f1a-2281f21094dc00e6:T=1676518368:RT=1676518368:S=ALNI_MbPQWAfkMsQGWnm00WTQetOODzP0w
.federalpay.org/	1970-01-20 19:03:34	Name: __gpi Value: UID=00000bb749611ba5:T=1676518368:RT=1676518368:S=ALNI_MZQrXraCvRfAM7yreLIMxUcoXPh8A
.federalpay.org/	1970-01-20 19:17:58	Name: _ga_69P9YCZJQH Value: GS1.1.1676518368.1.0.1676518369.0.0.0
.federalpay.org/	1970-01-20 09:43:24	Name: _clsk Value: u8t93j\|1676518369355\|1\|1\|n.clarity.ms/collect
.federalpay.org/	1970-01-20 09:42:00	Name: __cf_bm Value: 3vQfueVoYBWxjf1GeAjnJyK5QA5lutO0RXq2XSuBZec-1676518369-0-Ac5W75BLJFnx6CmJL0+y/+/ZXW26OGjgASORTMivHdNN98qXWQrpwsJRMefAIj25OQFYKnfgfJsXJpeRY06ye1tLLK+UGEYaJeq0cFEbubTVQDX+Nt9sHxCWTvDiItloqMpIkuyLWSiTz2AtjtT3P18=
.doubleclick.net/	1970-01-20 19:03:34	Name: IDE Value: AHWqTUkAIZQUuLmxcdDVRIwxpSsTo_R9PXZ3OUy39dcXOhFNytTW_bv-0RnvH0QMFR0
.doubleclick.net/	1970-01-20 09:42:01	Name: DSID Value: NO_DATA
.lijit.com/	1970-01-20 18:27:34	Name: ljt_reader Value: GKgUqGZHV_RDGQ5cQ_G1Gg60
.w55c.net/	1970-01-20 19:09:19	Name: wfivefivec Value: GvNmnfis1Psv0T5
.w55c.net/	1970-01-20 10:25:10	Name: matchgoogle Value: 5
.3lift.com/	1970-01-20 11:51:34	Name: tluid Value: 2388110201545639589292
.casalemedia.com/	1970-01-20 11:51:34	Name: CMPS Value: 2177
.casalemedia.com/	1970-01-20 11:51:34	Name: CMPRO Value: 2177
.adnxs.com/	1970-01-20 11:51:34	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?%x9Zzp!@wnfH8K6pQK`!5=E<L5?%LffyPrw4fgF13`abDj4`fK/.u/-BR$(EHAhJ.bpRzqF1`b`E]*AR9e
.adnxs.com/	1970-01-20 11:51:34	Name: uuid2 Value: 7553650937267120916
.casalemedia.com/	1970-01-20 18:27:34	Name: CMID Value: Y.2j4-YQKWi9HBBPCQgDkAAA
.simpli.fi/	1970-01-20 18:29:00	Name: suid Value: C2B81DC2A85B4F49AEAF587C22DEB35B
.de17a.com/	1970-01-20 18:20:22	Name: guid Value: 1.9140371079861022922
.yahoo.com/	1970-01-20 18:27:55	Name: A3 Value: d=AQABBOOj7WMCECb8gWFNUUrnV_32JyWzeyIFEgEBAQH17mP3YwAAAAAA_eMAAA&S=AQAAAnGirhvKrpmm2zfD6vXBrn0
.pubmatic.com/	1970-01-20 09:43:24	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 18:27:34	Name: KADUSERCOOKIE Value: BC3A954E-E0FA-488A-959D-5E6FB7967062
.analytics.yahoo.com/	1970-01-20 18:27:34	Name: IDSYNC Value: 18yx~2a0r
.bing.com/	1970-01-20 19:03:34	Name: MUID Value: 22A41CA9C25E610207EE0E13C3D560D4
.c.bing.com/	1970-01-20 09:52:03	Name: MR Value: 0
.c.bing.com/	1970-01-20 19:03:34	Name: SRM_B Value: 22A41CA9C25E610207EE0E13C3D560D4
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 19:03:34	Name: MUID Value: 22A41CA9C25E610207EE0E13C3D560D4
.c.clarity.ms/	1970-01-20 09:52:03	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 09:41:58	Name: ANONCHK Value: 0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://pagead2.googlesyndication.com/pagead/show_ads.js?_=1676518367762(Line 71) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
other	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1(Line 21) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271803&client=ca-pub-2244847655937829&fa=3&ifi=7&uci=a!7&btvi=3&xpc=Mmx4yJMKYa&p=https%3A//www.federalpay.org Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1#RS-3-&adk=1812271801&client=ca-pub-2244847655937829&fa=1&ifi=9&uci=a!9&btvi=5&xpc=Ff03d4l1ZX&p=https%3A//www.federalpay.org Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
ap.lijit.com
c.bing.com
c.clarity.ms
cat.nl.eu.criteo.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
cse.google.com
csm.eu.criteo.net
d5p.de17a.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
fonts.googleapis.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
match.adsrvr.org
n.clarity.ms
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pm.w55c.net
pr-bh.ybp.yahoo.com
region1.google-analytics.com
rtb.nl3.eu.criteo.com
s.ad.smaato.net
s0.2mdn.net
static.adsafeprotected.com
static.criteo.net
static.xx.fbcdn.net
stats.g.doubleclick.net
sync.teads.tv
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
web.facebook.com
www.clarity.ms
www.facebook.com
www.federalpay.com
www.federalpay.org
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
13.248.245.213
142.250.180.194
142.250.201.194
157.240.20.19
178.250.2.148
185.64.190.78
185.80.39.216
185.89.211.84
20.205.115.81
2001:4860:4802:34::36
213.155.156.181
216.52.2.6
23.203.125.36
2600:1f18:1aca:4280:fb94:9156:e761:3b9e
2600:9000:211a:c800:1b:5138:8a40:93a1
2600:9000:214f:ca00:8:48e:53c0:93a1
2606:4700:20::ac43:4507
2606:4700::6811:190e
2620:1ec:4e:1::44
2620:1ec:c11::200
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2006
2a00:1450:4001:813::2003
2a00:1450:4001:829::2001
2a00:1450:4001:829::2008
2a00:1450:4001:830::2002
2a00:1450:400c:c0a::9b
2a00:1450:400d:802::2002
2a00:1450:400d:803::200e
2a00:1450:400d:806::2002
2a00:1450:400d:806::200e
2a00:1450:400d:806::2013
2a00:1450:400d:808::2002
2a00:1450:400d:80a::2002
2a00:1450:400d:80c::2002
2a00:1450:400d:80c::200a
2a02:2638:1::17
2a02:2638:1::4
2a02:2638:3::9
2a02:2638::3
2a02:2638::c
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:d018:d29:3605:65c:856d:c47c:cddd
3.126.56.137
34.91.62.186
51.38.120.206
52.184.204.244
52.223.40.198
52.58.82.235
54.155.214.228
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
023228f27f100a74f002b20b3d0e20579de9def24d1d5dcb6ae87893fa068483
05e3c578cd274123d78787fd820253d4bb2254e09c78507f9752dddbcf62d580
078b1eaed954a40f2ecd30bb19c744b1e4fe4d8e894da67b90f51852d1065006
092cb8a7c234247243577529fa46f11c66216fb8c2b91a9e12d6bda73b739ed9
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a0acd631fd5704e940b9f486d3234aa9ab871881733f48d6edd3cb1f1a09ffc
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
134de49da67973e2a9141c456cf0ca8f7f022400db7c57e77a491120f4f8c1c9
16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
21ca4ab56be9cdc3b77aab85c0dac936e29f0549e12ddbf14e0c44f795bac9d9
226617de762d12d576f9eaba080511590ffaa876b3a48cd96b019293d415dc13
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
278b79f7fc149eb8ce484a5eeb7db0d160a8a34ab1437ce68bfa149b12d202f6
28f403366c2c520bfff7d5a0883f1d53e1e87ba1c8202f3f29e6395a0b66806d
29578a238737a2f109e6ceea51d70a3bacc34064dbc76e859ad3c6e5db915dd2
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60
2e0fe839dbaeea0ad5f7f386e4246dfd27eb9e9408d39bd78a5b240eaff3bc80
2e43605ca32da904932a2e10a42487bc21d61dbe71524d83aea328d8fb6348c7
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
38f18ef9933994ac96ca375d7ca227d371e25778bb1d54cd5f7134d4e7d66ffd
39ad42648baede16996541d1293446e9b2a0df02bb5305b6e5131255872b37ee
3ab7760fda0c8e4cf6b71829c8c5e7f0bb15827fb9c73dbf64a61ce78a0aeeeb
3deda25f1d4dacb2dcb6291e32e305b3390f6225a657f45ce798101dcfcb9865
3edbada655bef1b68e54890febd65a1612b96f65a9a2ffbf75df9e55465eaaa3
3f8deef6abced6f261a224f33d210e1704f929dc92e7fb6fe3cedeac5ba41b03
42ead8cc1210f1220cae1f70e354f4d259a3c9d03840ff835164ca6b88d5b67e
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bfa7a3417c761325430ed72a1e6acfdc9c7cf772386a5dea0564c6bdad28571
4d0485ca3370455d9431f60a8bb5ff8bc5f8a55126a096ee852526e3a940d317
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4decdb536dce21fc4fbb16e0b1d5a1b3e86c79902e462b74b724c9b8aef4c756
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
505f3bfd3582a6fd8bf79ffc45ca2fbcd03ea35c54d42c7405fe757cb85e9549
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5865edd00ef76534c8e53a4225ed7fa42e9973104a116675522bea01a1a93f3a
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
598a26c3e45c18d7c30ed10d4dcec143cc96f3b86873dd7956f3b928addb4808
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c5d87821b8806898a69c4e8cdc26f7fc8ea4bb175006aa060ca229f4810a0af
5dcac686e5164bd55ca5cdee8e8b253ad4208eff9d8acd7a2947623def87fcc3
5de77c6701eb667f708a0159a645cc214e64dc3d99a4acc3b5708aac0746baae
5f9376c77618bf0ef43bcabf8228c9e2befde3731087b944e140a88c34066873
5ffd0d7eda36b8e9cca9c1a9e78d196dde0c1e1804e1bd58072f7449d521c3fe
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61cfe1e4bad8332eaf07240b9a18cd9c20f55c526e9c0b9ad9bf3255265c695d
62177bd3e51010aca8f4ded8bb282c6871700426594e12c79c0ee3416381e149
6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69
643e58f21182c33a40fd23a30d705469f2ebc2478528f79647c0d440b86e86e7
64e69398cba2d0e3ee4000178b92a31aa2d294a9cbdaca9e41b5d1864088c607
65f8ad4173570e057e22f21d5bd0ceeec8e58c7792a425110eeb85ebd4486e5d
68875c837f994fa1d93eddca26a37d91c6114aac3ac589235492f76bfc8b4de4
6957ee1495fb247d4cf0ca4a1e5e372588df7ad06f8325295e062c545f7e10c6
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d25c1070f595425708f5e33f7c5a0108498ab4ac3a5ef7e13da0c83c802a12c
6d3e8ffc82936e7001101b073ec18b18a70538cf58e8fdac1599725f05e19fc8
6fe6d13fa599e5de72b45ad29add45befb6100f913992b0ba80744b319dd1724
715635550fb66e2755d883679fd7071ad9ed96b6683f72f9000e9f9e1b9598db
71eebfa47ce539290e05a9f76d308e1869e71db7c996fab60654db9a757974f1
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7382be1f08de708262d459360afa78fa569239cd00ade6a33a466d0346cdf0c7
743940ca4cc7c9bee00a9b29cddeddf616a82b814f86024c8553d2ff994b6be3
77a44f65bb6894c92e3c7ccab98de0fc357172221cc1dd45949ab938c0c7756a
7f2c1e6c435859c72a29e9ef74e1c1b263dd8277521e6d5820204cc806adf661
7fcf730053ba74f980e15c1419e08714606f969edb7e53d8c734f717d24ccedb
807c14c68eaa25cb70ad95aa6b1d8fed9314aaad76e179950e9b2975d1aba10b
82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84cb6d30f9a94898cb8d8abdf4fc7b615eaf1a0b3ef7d29f1f28fc60e1099119
865fa3bea1542f724eaa72b2a2ec9af3445570cd6be714f2b585536651d13756
86cedae3e9e649588cc3c57fbd7f70fbfb274ba9f27cbbc17ee0bbfc1e59e931
87b54a8348e6c889fc92235ffb4f3dd186480cf6fa36ba973f9d3cb8e6e0afe3
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8fb194f8c71e8af1c806b1addbdb52ca6502257bd1a2aa400a86b04888271879
9282b885825f1f265eb093acf11379fc90dd4e156588a02790c1515822e79858
93731dfb508247e0f34f39e0fffbd337711e3a2701854b865a44553090ca3c93
943183889713daa24baaf124084e45f92a1912b81130c6383eb03dffeb554293
96915a5f1ca808fc1076bc123ff15c4b12ae1e78df5430f7a3e47af5300e6d2d
99b523edd72385876c466fc061393829b08dec3aa544963373b22a08fb97784f
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a1e7ebe8c7ff87a27891ed2251c2d5c6a5cd4ea40eae24298414f9a0cb73b1c
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0172d65150eb4e3f189e5a17015208703ba2aa42b64c6ef4035c050147493c9
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a81d25118c6f7d835e9ca132b995b8aca46e3575ee4ab2136ab96ac8d5e4688b
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0
ab45052573567e130cc91484fde5a4f6c00f5b08e950bb2391c3482a9057d133
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b189f3ea3df83906ca1e90c1c82524266945c147ae429af7bbfcd74615b2ee63
ba3fe63eac33e099b1600d123a80bc075696219926d63f6adc4b9401aad71ca9
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f
bee52ff1d1de05f161e8e9c07ba45d38cdffda23d9b765945c10d754d84bae7a
bf6b4406be7ed96a51eb266f14b9c21a4888662fd4a9069aebf115bdd6c6986b
c07ec14b8592c8bff8b3af5c670a56f9e86cb8af430429478ca017993c266f42
c0d4098bc8b34c6f87a3d7723988ae81214a53a0bb4a1d4d36a67640f98ed079
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
d3e950d7436ccce0517856c26d9103998fd889490840db9a065a8c59a4ecbcdb
d4b11f933cf386a7fe46c63ed80a5b94286c02e9ede935237054e84486110edb
d7358c3a2a6d078a8f370ce02eb2c126902c2acc31b66bf3f7431afafe44a2de
d848596862dc467753be725168bcce54b0b80c5c12443ed32536f5d4d73eacf5
da933ef53458927e254187e40711b33abc36dafd95218f913db426cf3e676e20
e36e8c67d4dc194c3e39dd2c7da7458cb770be08dc04899482cc57574cfd3f66
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e435810b6fa9c84b12eab2f91e053e3fe76b50fabc287888125a187663e2053f
e4f0b157559246d1846ec70903c257f53a00501672099f870e69cc8e6988fce5
ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2ead4a9044e784eea668cbb8d2ce9c49908ab2055d2f94c94383225742f05c
f43193f67f2051d001cec906ade14b52786ae8d65631df00990beb7596f5880c
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f6c4922a766f43438bc1e22b0eb827608b136f914b07895ef58dbebbb18d30c2

www.federalpay.org Open in urlscan Pro 2606:4700:20::ac43:4507 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

244 Requests

92 %HTTPS

63 %IPv6

35 Domains

52 Subdomains

41 IPs

11 Countries

2607 kBTransfer

6735 kBSize

35 Cookies

2 Outgoing links

Page URL History

Redirected requests

244 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.federalpay.org Open in urlscan Pro
2606:4700:20::ac43:4507 Public Scan

Screenshot
Live screenshot

Full Image

244
Requests

92 %
HTTPS

63 %
IPv6

35
Domains

52
Subdomains

41
IPs

11
Countries

2607 kB
Transfer

6735 kB
Size

35
Cookies

244 HTTP transactions
8 data transactions