Submitted URL: https://federalpay.com/
Effective URL: https://www.federalpay.org/
Submission: On February 21 via automatic, source certstream-suspicious

Summary

This website contacted 17 IPs in 6 countries across 17 domains to perform 50 HTTP transactions. The main IP is 2606:4700:20::681a:db4, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.federalpay.org.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on November 6th 2019. Valid for: a year.
This is the only time www.federalpay.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
18 www.federalpay.org www.federalpay.org
cdnjs.cloudflare.com
5 pagead2.googlesyndication.com www.federalpay.org
cdnjs.cloudflare.com
pagead2.googlesyndication.com
4 googleads.g.doubleclick.net pagead2.googlesyndication.com
4 cdnjs.cloudflare.com www.federalpay.org
2 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2 www.facebook.com connect.facebook.net
2 sale.aliexpress.com 1 redirects 100widgets.com
2 100widgets.com pix.aws-ajax.com
100widgets.com
2 www.google-analytics.com www.federalpay.org
2 connect.facebook.net www.federalpay.org
connect.facebook.net
1 s.click.aliexpress.com 1 redirects
1 tsystatic.com 1 redirects
1 korfo.org 100widgets.com
1 statica.site 1 redirects
1 www.googletagservices.com pagead2.googlesyndication.com
1 stats.g.doubleclick.net www.federalpay.org
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 www.google.com www.federalpay.org
1 pix.aws-ajax.com www.federalpay.org
1 cse.google.com www.federalpay.org
1 federalpay.com 1 redirects
50 22

This site contains links to these domains. Also see Links.

Domain
www.milbases.com
www.opm.gov
www.gsa.gov
www.prouddev.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2
2019-11-06 -
2020-10-09
a year crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2
2020-01-07 -
2020-10-09
9 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-01-29 -
2020-04-22
3 months crt.sh
*.google.com
GTS CA 1O1
2020-01-29 -
2020-04-22
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2020-01-16 -
2020-04-15
3 months crt.sh
statica.site
Let's Encrypt Authority X3
2019-12-11 -
2020-03-10
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2020-01-29 -
2020-04-22
3 months crt.sh
www.google.com
GTS CA 1O1
2020-01-29 -
2020-04-22
3 months crt.sh
100widgets.com
COMODO RSA Domain Validation Secure Server CA
2017-10-19 -
2020-10-18
3 years crt.sh
korfo.org
Sectigo RSA Domain Validation Secure Server CA
2020-01-16 -
2022-04-19
2 years crt.sh
ae01.alicdn.com
DigiCert Secure Site ECC CA-1
2020-02-19 -
2020-08-16
6 months crt.sh
tpc.googlesyndication.com
GTS CA 1O1
2020-02-12 -
2020-05-06
3 months crt.sh

This page contains 10 frames:

Primary Page: https://www.federalpay.org/
Frame ID: FA0AA04D8F4367E07B5E36A393A72618
Requests: 41 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200219/r20190131/zrt_lookup.html
Frame ID: 574646FC59EC3FDA0642BB7CC46BC789
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&adk=1812271804&adf=3025194257&lmt=1582304198&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.federalpay.org%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1582304198629&bpp=14&bdt=146&fdt=68&idt=68&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8113521419195&frm=20&pv=2&ga_vid=333819529.1582304199&ga_sid=1582304199&ga_hid=1550887672&ga_fc=0&iag=0&icsg=33614368&dssz=17&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065305&oid=3&pvsid=941244446724566&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=a!0&fsb=1&dtd=79
Frame ID: 0F481C246E7FF42C9E7C82234804BE2A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=280&slotname=4362382463&adk=164512847&adf=4083911379&w=351&fwrn=4&fwrnh=100&lmt=1582304198&rafmt=1&psa=0&guci=1.2.0.0.2.2.0.0&format=351x280&url=https%3A%2F%2Fwww.federalpay.org%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1582304198643&bpp=9&bdt=159&fdt=88&idt=88&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8113521419195&frm=20&pv=1&ga_vid=333819529.1582304199&ga_sid=1582304199&ga_hid=1550887672&ga_fc=0&iag=0&icsg=167832096&dssz=18&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=979&ady=593&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065305&oid=3&pvsid=941244446724566&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=144&bc=31&ifi=1&uci=a!1&fsb=1&xpc=aQm5EtIQ2M&p=https%3A//www.federalpay.org&dtd=92
Frame ID: 6982AF6F312F2FF639E2CF655B12165A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=1151698819&w=160&fwrn=4&fwrnh=100&lmt=1582304198&rafmt=1&to=qs&pwprc=4787984413&psa=0&guci=1.2.0.0.2.2.0.0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&adsid=NT&dt=1582304198814&bpp=3&bdt=331&fdt=3&idt=3&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C351x280&nras=1&correlator=8113521419195&frm=20&pv=1&ga_vid=333819529.1582304199&ga_sid=1582304199&ga_hid=1550887672&ga_fc=0&iag=0&icsg=167832096&dssz=18&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1345&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065305&oid=3&pvsid=941244446724566&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=U8cHSZzMpA&p=https%3A//www.federalpay.org&dtd=6
Frame ID: 0A2192C78768AF6777917673EEFEE8FD
Requests: 1 HTTP requests in this frame

Frame: https://korfo.org/vu/nl/
Frame ID: 7683B16B83AE849A27E9F7F352D0191C
Requests: 1 HTTP requests in this frame

Frame: https://sale.aliexpress.com/country@null/__pc/newuser_zone.htm?tmLog=NewuserZone_5983&af=b&72588&cn=amsterdam&cv=72588&dp=95.174.67.83&aff_request_id=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&aff_platform=link-c-tool&cpt=1582304200077&sk=5vBAQyBA&aff_trace_key=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&terminal_id=6eaf3396e0a84a50a6fe793ade2daed3
Frame ID: EAC65C1B49B458F60A9112F32D292643
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v3.3/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Df15e24f027326d4%26domain%3Dwww.federalpay.org%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ffff775319311d8%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.facebook.com%2Ffederalpay&layout=box_count&locale=en_US&sdk=joey&share=false&show_faces=true&size=large
Frame ID: A9952CCDA9B98DDB7DAA20B3510BF7B5
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v3.3/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Dfff2efb5bb3778%26domain%3Dwww.federalpay.org%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ffff775319311d8%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2F&layout=box_count&locale=en_US&sdk=joey&size=large
Frame ID: 65C39D5C59E7DE72B099F51BEC20D05C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html
Frame ID: 94CAD4E7173C87D7C0BCC23A879B496A
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://federalpay.com/ HTTP 301
    https://www.federalpay.org/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

50
Requests

98 %
HTTPS

70 %
IPv6

17
Domains

22
Subdomains

17
IPs

6
Countries

768 kB
Transfer

1451 kB
Size

19
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://federalpay.com/ HTTP 301
    https://www.federalpay.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41
  • https://statica.site/stat HTTP 302
  • https://korfo.org/vu/nl/
Request Chain 42
  • https://tsystatic.com/b HTTP 302
  • https://s.click.aliexpress.com/e/5vBAQyBA?af=b;72588&cn=amsterdam&cv=72588&dp=95.174.67.83 HTTP 302
  • https://sale.aliexpress.com/newuser_zone.htm?tmLog=NewuserZone_5983&af=b&72588&cn=amsterdam&cv=72588&dp=95.174.67.83&aff_request_id=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&aff_platform=link-c-tool&cpt=1582304200077&sk=5vBAQyBA&aff_trace_key=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&terminal_id=6eaf3396e0a84a50a6fe793ade2daed3 HTTP 302
  • https://sale.aliexpress.com/country@null/__pc/newuser_zone.htm?tmLog=NewuserZone_5983&af=b&72588&cn=amsterdam&cv=72588&dp=95.174.67.83&aff_request_id=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&aff_platform=link-c-tool&cpt=1582304200077&sk=5vBAQyBA&aff_trace_key=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&terminal_id=6eaf3396e0a84a50a6fe793ade2daed3

50 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.federalpay.org/
Redirect Chain
  • https://federalpay.com/
  • https://www.federalpay.org/
19 KB
5 KB
Document
General
Full URL
https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.0.33
Resource Hash
aeec0ad5190554f3790537f97f900efe437f70d55a5d37f98929623ddb9462ae

Request headers

:method
GET
:authority
www.federalpay.org
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
date
Fri, 21 Feb 2020 16:56:38 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d7e243fd44ee1e89d9a098fd252fa59661582304198; expires=Sun, 22-Mar-20 16:56:38 GMT; path=/; domain=.federalpay.org; HttpOnly; SameSite=Lax
x-powered-by
PHP/7.0.33
pragma
public
cache-control
max-age=1726, public max-age=0, no-cache, s-maxage=10
expires
Fri, 21 Feb 2020 17:24:48 GMT
vary
Accept-Encoding
x-mod-pagespeed
1.13.35.2-0
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
568a41379ebe9724-FRA
content-encoding
br

Redirect headers

status
301
location
https://www.federalpay.org/
date
Fri, 21 Feb 2020 16:56:38 GMT
content-type
text/html; charset=UTF-8
server
ghs
content-length
224
x-xss-protection
0
x-frame-options
SAMEORIGIN
bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/
118 KB
18 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
br
cf-cache-status
HIT
age
1240716
cf-ray
568a41388bd2dfa9-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:26:03 GMT
server
cloudflare
etag
W/"5afd4aab-1d9ac"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Wed, 10 Feb 2021 16:56:38 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.003
A.styles.css,qv=2019-10-19.pagespeed.cf.0BcoEjkFI5.css
www.federalpay.org/resources/css/
11 KB
3 KB
Stylesheet
General
Full URL
https://www.federalpay.org/resources/css/A.styles.css,qv=2019-10-19.pagespeed.cf.0BcoEjkFI5.css
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6c4922a766f43438bc1e22b0eb827608b136f914b07895ef58dbebbb18d30c2

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
br
cf-cache-status
HIT
x-original-content-length
14936
age
9885181
cf-polished
origSize=11189
status
200
last-modified
Fri, 25 Oct 2019 07:31:50 GMT
server
cloudflare
etag
W/"0-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
expires
Sat, 24 Oct 2020 07:31:50 GMT
cache-control
max-age=31536000
cf-ray
568a41388fa89724-FRA
cf-bgj
minify
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/
82 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0d4098bc8b34c6f87a3d7723988ae81214a53a0bb4a1d4d36a67640f98ed079
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
br
cf-cache-status
HIT
age
1240720
cf-ray
568a41388bd9dfa9-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:21:00 GMT
server
cloudflare
etag
W/"5afd497c-14938"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 10 Feb 2021 16:56:38 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.003
bootstrap.min.js
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/
36 KB
9 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/bootstrap.min.js
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
br
cf-cache-status
HIT
age
9970124
cf-ray
568a41388bdbdfa9-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:26:03 GMT
server
cloudflare
etag
W/"5afd4aab-9004"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 10 Feb 2021 16:56:38 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001
global.js,qv=0.2.2.pagespeed.jm.WCbBq_HY_J.js
www.federalpay.org/resources/js/
3 KB
1 KB
Script
General
Full URL
https://www.federalpay.org/resources/js/global.js,qv=0.2.2.pagespeed.jm.WCbBq_HY_J.js
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c2b7b41fcfd63f017e91a043cd1b0d83c30d1642fb611c9e3df583160bd05c5c

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
br
cf-cache-status
HIT
x-original-content-length
4017
age
9885181
status
200
cf-bgj
minify
last-modified
Fri, 25 Oct 2019 07:31:50 GMT
server
cloudflare
etag
W/"0-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
568a4138f8119724-FRA
expires
Sat, 24 Oct 2020 07:31:50 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
106 KB
38 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b98f6a5ce66e34aa8219d1208b3534ccb4850e5b530390c7e757ecd62a8e733b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
38660
x-xss-protection
0
server
cafe
etag
1699192081238138211
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 21 Feb 2020 16:56:38 GMT
logo.png
www.federalpay.org/resources/img/
2 KB
2 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/logo.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef2ead4a9044e784eea668cbb8d2ce9c49908ab2055d2f94c94383225742f05c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
1237430
status
200
content-length
1854
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
etag
"73e-52bc8369f9578"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=5184000
accept-ranges
bytes
cf-ray
568a413908359724-FRA
expires
Thu, 26 Mar 2020 23:21:33 GMT
brand
cse.google.com/coop/cse/
3 KB
1 KB
Script
General
Full URL
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
pfe /
Resource Hash
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 16:46:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
pfe
age
604
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, max-age=1800
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1181
x-xss-protection
0
expires
Fri, 21 Feb 2020 17:16:34 GMT
opm-seal.png
www.federalpay.org/resources/img/
33 KB
33 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/opm-seal.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4decdb536dce21fc4fbb16e0b1d5a1b3e86c79902e462b74b724c9b8aef4c756
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
4701030
status
200
content-length
33448
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
etag
"82a8-52bc8369f9960"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=5184000
accept-ranges
bytes
cf-ray
568a413908369724-FRA
expires
Tue, 18 Feb 2020 00:52:13 GMT
logo-red.png
www.federalpay.org/resources/img/
2 KB
2 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/logo-red.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ab7760fda0c8e4cf6b71829c8c5e7f0bb15827fb9c73dbf64a61ce78a0aeeeb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
4612583
status
200
content-length
1907
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
etag
"773-52bc8369f9578"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=5184000
accept-ranges
bytes
cf-ray
568a413908379724-FRA
expires
Tue, 18 Feb 2020 00:52:13 GMT
capitol-building.jpg
www.federalpay.org/resources/img/
46 KB
46 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/capitol-building.jpg
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65f8ad4173570e057e22f21d5bd0ceeec8e58c7792a425110eeb85ebd4486e5d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
4575257
status
200
content-length
47092
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
etag
"b7f4-52bc8369f6698"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=5184000
accept-ranges
bytes
cf-ray
568a413908389724-FRA
expires
Tue, 18 Feb 2020 00:52:13 GMT
capitol-building-2.jpg
www.federalpay.org/resources/img/
171 KB
171 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/capitol-building-2.jpg
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5dcac686e5164bd55ca5cdee8e8b253ad4208eff9d8acd7a2947623def87fcc3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
3019052
status
200
content-length
174892
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
etag
"2ab2c-52bc8369f6698"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=5184000
accept-ranges
bytes
cf-ray
568a413908399724-FRA
expires
Tue, 17 Mar 2020 02:14:20 GMT
calculators.jpg
www.federalpay.org/resources/img/
83 KB
83 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/calculators.jpg
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6957ee1495fb247d4cf0ca4a1e5e372588df7ad06f8325295e062c545f7e10c6

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
cf-cache-status
HIT
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
age
4675978
etag
"14c12-52bc8369f5ec8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=5184000, s-maxage=10
accept-ranges
bytes
cf-ray
568a4139083a9724-FRA
content-length
85010
expires
Wed, 26 Feb 2020 21:48:46 GMT
general-schedule-employee.png
www.federalpay.org/resources/img/
9 KB
10 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/general-schedule-employee.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e43605ca32da904932a2e10a42487bc21d61dbe71524d83aea328d8fb6348c7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
3057965
status
200
content-length
9645
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
etag
"25ad-52bc8369f9578"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=5184000
accept-ranges
bytes
cf-ray
568a4139083b9724-FRA
expires
Mon, 16 Mar 2020 04:13:44 GMT
federal-wage-system-employee.png
www.federalpay.org/resources/img/
7 KB
7 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/federal-wage-system-employee.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
865fa3bea1542f724eaa72b2a2ec9af3445570cd6be714f2b585536651d13756
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
1233890
status
200
content-length
6831
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
etag
"1aaf-52bc8369f9578"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=5184000
accept-ranges
bytes
cf-ray
568a4139083c9724-FRA
expires
Thu, 26 Mar 2020 23:21:33 GMT
law-enforcement-officer.png
www.federalpay.org/resources/img/
8 KB
8 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/law-enforcement-officer.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05e3c578cd274123d78787fd820253d4bb2254e09c78507f9752dddbcf62d580

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
cf-cache-status
HIT
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
age
4575257
etag
"1e35-52bc8369f9578"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=5184000, s-maxage=10
accept-ranges
bytes
cf-ray
568a4139083d9724-FRA
content-length
7733
expires
Tue, 18 Feb 2020 00:52:13 GMT
senior-executive-service-employee.png
www.federalpay.org/resources/img/
23 KB
23 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/senior-executive-service-employee.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e36e8c67d4dc194c3e39dd2c7da7458cb770be08dc04899482cc57574cfd3f66
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
939605
status
200
content-length
23200
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
etag
"5aa0-52bc8369fb0d0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=5184000
accept-ranges
bytes
cf-ray
568a4139083e9724-FRA
expires
Thu, 26 Mar 2020 23:21:33 GMT
army-officer.png
www.federalpay.org/resources/img/
7 KB
7 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/army-officer.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87b54a8348e6c889fc92235ffb4f3dd186480cf6fa36ba973f9d3cb8e6e0afe3

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
cf-cache-status
HIT
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
age
1319723
etag
"1b97-52bc8369f4758"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=5184000, s-maxage=10
accept-ranges
bytes
cf-ray
568a4139083f9724-FRA
content-length
7063
expires
Fri, 14 Feb 2020 22:08:50 GMT
external_link.png
www.federalpay.org/resources/img/
144 B
269 B
Image
General
Full URL
https://www.federalpay.org/resources/img/external_link.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a0acd631fd5704e940b9f486d3234aa9ab871881733f48d6edd3cb1f1a09ffc

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
cf-cache-status
HIT
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
age
3887844
etag
"90-52bc8369f81f0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=5184000, s-maxage=10
accept-ranges
bytes
cf-ray
568a413908409724-FRA
content-length
144
expires
Tue, 04 Feb 2020 07:04:26 GMT
Proud-Development-Logo.png
www.federalpay.org/resources/img/
6 KB
6 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/Proud-Development-Logo.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29cd37778c0e07fc33844b504ab55aba989f6a903bc4038227f5a53ae8346fa7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
3574004
status
200
content-length
5990
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
etag
"1766-52bc8369f4370"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=5184000
accept-ranges
bytes
cf-ray
568a413908419724-FRA
expires
Sat, 07 Mar 2020 12:48:19 GMT
MarathonGlobe.png
www.federalpay.org/resources/img/
14 KB
14 KB
Image
General
Full URL
https://www.federalpay.org/resources/img/MarathonGlobe.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aca7a374693fbd5f10e9688cfeaa76d533ea9e86fb95e30b31202a0a95da68c2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
2711593
status
200
content-length
14699
last-modified
Mon, 15 Feb 2016 05:23:13 GMT
server
cloudflare
etag
"396b-52bc8369f4370"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=5184000
accept-ranges
bytes
cf-ray
568a413908429724-FRA
expires
Tue, 17 Mar 2020 02:14:23 GMT
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
62dc744f1b95afa5eb1e760d372a7db84b8604e6d87edfd60e3be9cd59f69878
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.federalpay.org/
Origin
https://www.federalpay.org
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
uPxYsi+tOIeyas22cTwJqw==
status
200
date
Fri, 21 Feb 2020 16:56:38 GMT, Fri, 21 Feb 2020 16:56:38 GMT
expires
Fri, 21 Feb 2020 17:06:32 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
1779
x-fb-debug
nr2ZYi3BXxcTYB8gHzcs+Iev1KeOKIBaH7XZKH2tKm5+24n6GxCLGOCoVvS885Ou+trRhMD6hDsvnIDe3nAHMQ==
x-fb-trip-id
420120009
x-fb-content-md5
86048285d4c9edfaa4d1399e180e05c7
etag
"c070b238c0b0afb34d912bac6d38c2fe"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
pixel-Federalpay.js
pix.aws-ajax.com/
325 B
527 B
Script
General
Full URL
https://pix.aws-ajax.com/pixel-Federalpay.js
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.102.6.94 Kyiv, Ukraine, ASN57682 (HVDS-AS, UA),
Reverse DNS
s3.zevshost.net
Software
nginx/1.14.1 / PHP/5.4.45
Resource Hash
a8af594e98124fdfb69db78da884375ca716f805d065ddea29cc4a025adacc09

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 21 Feb 2020 16:56:38 GMT
Server
nginx/1.14.1
Connection
keep-alive
X-Powered-By
PHP/5.4.45
Content-Length
325
Content-Type
application/javascript; charset=UTF-8
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
4088
date
Fri, 21 Feb 2020 15:48:30 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18174
expires
Fri, 21 Feb 2020 17:48:30 GMT
glyphicons-halflings-regular.woff2
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/fonts/
18 KB
18 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css
Origin
https://www.federalpay.org
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
cf-cache-status
HIT
age
9970110
cf-ray
568a41392ed164c7-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
18028
last-modified
Thu, 17 May 2018 09:26:03 GMT
server
cloudflare
etag
"5afd4aab-466c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
expires
Wed, 10 Feb 2021 16:56:38 GMT
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
served-in-seconds
0.001
show_ads.js
pagead2.googlesyndication.com/pagead/
80 KB
29 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js?_=1582304198561
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1b9e9ee767f3a3523078fd6803dfd17e4e3a42f2ccf20789b659b3633e3c0581
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
30069
x-xss-protection
0
server
cafe
etag
9606241481377516417
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 21 Feb 2020 16:56:38 GMT
holiday-banner
www.federalpay.org/
17 B
127 B
XHR
General
Full URL
https://www.federalpay.org/holiday-banner
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:db4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.0.33
Resource Hash
3f8deef6abced6f261a224f33d210e1704f929dc92e7fb6fe3cedeac5ba41b03

Request headers

Accept
*/*
Referer
https://www.federalpay.org/
Origin
https://www.federalpay.org
X-Requested-With
XMLHttpRequest
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
PHP/7.0.33
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json; charset=UTF-8
status
200
cf-ray
568a4139285d9724-FRA
sdk.js
connect.facebook.net/en_US/
194 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=ba3dfc3d633a5f4c8aa7e9bdf2175dd7&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f9b3fed53b0ade78909d91b0106c3608d88252fd9a826749d980ce8505eeecb6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.federalpay.org/
Origin
https://www.federalpay.org
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
1a/UBN0TpBs0vo//wVS8AQ==
status
200
date
Fri, 21 Feb 2020 16:56:38 GMT, Fri, 21 Feb 2020 16:56:38 GMT
expires
Sat, 20 Feb 2021 16:39:04 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
59544
x-fb-debug
esXDHvQCiumys1qQ4OK/ksXlK7ar0jydYRlXyec0GvxpWZSmmwcciXMBt7QQw+emqmm8VqPj25Soj/ui7iLkqg==
x-fb-trip-id
420120009
x-fb-content-md5
702ee4df0e2c7b27502421803a24cfb9
etag
"126a77fbc90bfc38906bd4fbb305da14"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
googlelogo_lightgrey_46x16dp.png
www.google.com/cse/static/images/1x/
551 B
672 B
Image
General
Full URL
https://www.google.com/cse/static/images/1x/googlelogo_lightgrey_46x16dp.png
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ad9b95dc8aec99a5335567c6f5f6df98de9a73db72d236b20363d94674ec65f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 04 Feb 2020 23:14:01 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Jan 2017 21:30:00 GMT
server
sffe
age
1446157
content-type
image/png
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
551
x-xss-protection
0
expires
Wed, 03 Feb 2021 23:14:01 GMT
integrator.js
adservice.google.de/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.federalpay.org
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.federalpay.org
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/
221 KB
83 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0a450a92da271041893a519c9b9e1050b2229f74eb83ca5346e76203456d3691
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
84526
x-xss-protection
0
server
cafe
etag
16542440073614270090
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 21 Feb 2020 16:56:38 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200219/r20190131/ Frame 5746
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20200219/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20200219/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.federalpay.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.federalpay.org/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Wed, 19 Feb 2020 21:29:28 GMT
expires
Wed, 04 Mar 2020 21:29:28 GMT
content-type
text/html; charset=UTF-8
etag
3560819023258359450
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4495
x-xss-protection
0
cache-control
public, max-age=1209600
age
156430
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
collect
www.google-analytics.com/
35 B
104 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=1550887672&t=pageview&_s=1&dl=https%3A%2F%2Fwww.federalpay.org%2F&ul=en-us&de=UTF-8&dt=FederalPay.org%20-%20The%20Civil%20Employee%27s%20Resource&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IGBAgEAB~&jid=1568026744&gjid=627650889&cid=333819529.1582304199&tid=UA-41947475-7&_gid=857651052.1582304199&z=2112777016
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Wed, 05 Feb 2020 00:38:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
1441088
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/r/
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j81&tid=UA-41947475-7&cid=333819529.1582304199&jid=1568026744&gjid=627650889&_gid=857651052.1582304199&_u=IGBAgEAB~&z=621762234
Requested by
Host: www.federalpay.org
URL: https://www.federalpay.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c01::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
date
Fri, 21 Feb 2020 16:56:38 GMT
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 0F48
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&adk=1812271804&adf=3025194257&lmt=1582304198&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.federalpay.org%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1582304198629&bpp=14&bdt=146&fdt=68&idt=68&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8113521419195&frm=20&pv=2&ga_vid=333819529.1582304199&ga_sid=1582304199&ga_hid=1550887672&ga_fc=0&iag=0&icsg=33614368&dssz=17&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065305&oid=3&pvsid=941244446724566&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=a!0&fsb=1&dtd=79
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-0583047843012866&output=html&adk=1812271804&adf=3025194257&lmt=1582304198&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.federalpay.org%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1582304198629&bpp=14&bdt=146&fdt=68&idt=68&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8113521419195&frm=20&pv=2&ga_vid=333819529.1582304199&ga_sid=1582304199&ga_hid=1550887672&ga_fc=0&iag=0&icsg=33614368&dssz=17&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065305&oid=3&pvsid=941244446724566&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=a!0&fsb=1&dtd=79
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.federalpay.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.federalpay.org/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 21 Feb 2020 16:56:38 GMT
server
cafe
content-length
919
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Fri, 21-Feb-2020 17:11:38 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires
Fri, 21 Feb 2020 16:56:38 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/
73 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
753def12fae8722bef366a340b5ab7c34a15c8cd8432cdddb30d8f91ab987b96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 16:56:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582122122802407"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
27674
x-xss-protection
0
expires
Fri, 21 Feb 2020 16:56:38 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 6982
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=280&slotname=4362382463&adk=164512847&adf=4083911379&w=351&fwrn=4&fwrnh=100&lmt=1582304198&rafmt=1&psa=0&guci=1.2.0.0.2.2.0.0&format=351x280&url=https%3A%2F%2Fwww.federalpay.org%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1582304198643&bpp=9&bdt=159&fdt=88&idt=88&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8113521419195&frm=20&pv=1&ga_vid=333819529.1582304199&ga_sid=1582304199&ga_hid=1550887672&ga_fc=0&iag=0&icsg=167832096&dssz=18&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=979&ady=593&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065305&oid=3&pvsid=941244446724566&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=144&bc=31&ifi=1&uci=a!1&fsb=1&xpc=aQm5EtIQ2M&p=https%3A//www.federalpay.org&dtd=92
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-0583047843012866&output=html&h=280&slotname=4362382463&adk=164512847&adf=4083911379&w=351&fwrn=4&fwrnh=100&lmt=1582304198&rafmt=1&psa=0&guci=1.2.0.0.2.2.0.0&format=351x280&url=https%3A%2F%2Fwww.federalpay.org%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1582304198643&bpp=9&bdt=159&fdt=88&idt=88&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8113521419195&frm=20&pv=1&ga_vid=333819529.1582304199&ga_sid=1582304199&ga_hid=1550887672&ga_fc=0&iag=0&icsg=167832096&dssz=18&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=979&ady=593&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065305&oid=3&pvsid=941244446724566&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=144&bc=31&ifi=1&uci=a!1&fsb=1&xpc=aQm5EtIQ2M&p=https%3A//www.federalpay.org&dtd=92
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.federalpay.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.federalpay.org/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 21 Feb 2020 16:56:38 GMT
server
cafe
content-length
205
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Fri, 21-Feb-2020 17:11:38 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires
Fri, 21 Feb 2020 16:56:38 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 0A21
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=1151698819&w=160&fwrn=4&fwrnh=100&lmt=1582304198&rafmt=1&to=qs&pwprc=4787984413&psa=0&guci=1.2.0.0.2.2.0.0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&adsid=NT&dt=1582304198814&bpp=3&bdt=331&fdt=3&idt=3&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C351x280&nras=1&correlator=8113521419195&frm=20&pv=1&ga_vid=333819529.1582304199&ga_sid=1582304199&ga_hid=1550887672&ga_fc=0&iag=0&icsg=167832096&dssz=18&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1345&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065305&oid=3&pvsid=941244446724566&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=U8cHSZzMpA&p=https%3A//www.federalpay.org&dtd=6
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=1151698819&w=160&fwrn=4&fwrnh=100&lmt=1582304198&rafmt=1&to=qs&pwprc=4787984413&psa=0&guci=1.2.0.0.2.2.0.0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2F&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&adsid=NT&dt=1582304198814&bpp=3&bdt=331&fdt=3&idt=3&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C351x280&nras=1&correlator=8113521419195&frm=20&pv=1&ga_vid=333819529.1582304199&ga_sid=1582304199&ga_hid=1550887672&ga_fc=0&iag=0&icsg=167832096&dssz=18&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=238&ady=1345&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065305&oid=3&pvsid=941244446724566&rx=0&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=U8cHSZzMpA&p=https%3A//www.federalpay.org&dtd=6
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.federalpay.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.federalpay.org/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 21 Feb 2020 16:56:39 GMT
server
cafe
content-length
205
x-xss-protection
0
set-cookie
IDE=AHWqTUmAzsq0sha7lfnM522TzdNax-ef2vq8V7tHAmB30gr6J0oQjmyac2MPwv23; expires=Wed, 17-Mar-2021 16:56:38 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires
Fri, 21 Feb 2020 16:56:39 GMT
cache-control
private
js_data.php
100widgets.com/
306 B
650 B
Script
General
Full URL
https://100widgets.com/js_data.php?id=278
Requested by
Host: pix.aws-ajax.com
URL: https://pix.aws-ajax.com/pixel-Federalpay.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.102.6.38 Kyiv, Ukraine, ASN57682 (HVDS-AS, UA),
Reverse DNS
100widgets.com
Software
nginx / PHP/5.4.45
Resource Hash
cfd76f8f2b5ed21afc907b2a26e5a1bad5664c9e6deaac474b7e6790354bd282

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Date
Fri, 21 Feb 2020 16:57:07 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
PHP/5.4.45
Vary
Accept-Encoding
Content-Type
text/html
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 19 Nov 1981 08:52:00 GMT
stat.js.php
100widgets.com/
711 B
529 B
Script
General
Full URL
https://100widgets.com/stat.js.php
Requested by
Host: 100widgets.com
URL: https://100widgets.com/js_data.php?id=278
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.102.6.38 Kyiv, Ukraine, ASN57682 (HVDS-AS, UA),
Reverse DNS
100widgets.com
Software
nginx / PHP/5.4.45
Resource Hash
14c4dc0641e9df922ce832a9dca0e90b0132c0298d1339fb6d40377b87b7fe6e

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 21 Feb 2020 16:57:07 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
PHP/5.4.45
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
/
korfo.org/vu/nl/ Frame 7683
Redirect Chain
  • https://statica.site/stat
  • https://korfo.org/vu/nl/
0
0
Document
General
Full URL
https://korfo.org/vu/nl/
Requested by
Host: 100widgets.com
URL: https://100widgets.com/stat.js.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
176.9.60.211 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.211.60.9.176.clients.your-server.de
Software
nginx/1.12.2 /
Resource Hash

Request headers

Host
korfo.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://www.federalpay.org/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.federalpay.org/

Response headers

Server
nginx/1.12.2
Date
Fri, 21 Feb 2020 16:56:39 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close

Redirect headers

Server
nginx/1.14.1
Date
Fri, 21 Feb 2020 16:56:39 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
X-Powered-By
PHP/5.4.45
Access-Control-Allow-Origin
*
Set-Cookie
jpgpics_stat=0; expires=Fri, 21-Feb-2020 17:56:39 GMT; path=/
Location
https://korfo.org/vu/nl/
newuser_zone.htm
sale.aliexpress.com/country@null/__pc/ Frame EAC6
Redirect Chain
  • https://tsystatic.com/b
  • https://s.click.aliexpress.com/e/5vBAQyBA?af=b;72588&cn=amsterdam&cv=72588&dp=95.174.67.83
  • https://sale.aliexpress.com/newuser_zone.htm?tmLog=NewuserZone_5983&af=b&72588&cn=amsterdam&cv=72588&dp=95.174.67.83&aff_request_id=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&aff...
  • https://sale.aliexpress.com/country@null/__pc/newuser_zone.htm?tmLog=NewuserZone_5983&af=b&72588&cn=amsterdam&cv=72588&dp=95.174.67.83&aff_request_id=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-...
0
0
Document
General
Full URL
https://sale.aliexpress.com/country@null/__pc/newuser_zone.htm?tmLog=NewuserZone_5983&af=b&72588&cn=amsterdam&cv=72588&dp=95.174.67.83&aff_request_id=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&aff_platform=link-c-tool&cpt=1582304200077&sk=5vBAQyBA&aff_trace_key=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&terminal_id=6eaf3396e0a84a50a6fe793ade2daed3
Requested by
Host: 100widgets.com
URL: https://100widgets.com/stat.js.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.227.14.76 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a172-227-14-76.deploy.static.akamaitechnologies.com
Software
Tengine/Aserver /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
sale.aliexpress.com
:scheme
https
:path
/country@null/__pc/newuser_zone.htm?tmLog=NewuserZone_5983&af=b&72588&cn=amsterdam&cv=72588&dp=95.174.67.83&aff_request_id=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&aff_platform=link-c-tool&cpt=1582304200077&sk=5vBAQyBA&aff_trace_key=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&terminal_id=6eaf3396e0a84a50a6fe793ade2daed3
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.federalpay.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
ali_apache_id=11.227.116.54.158230420075.486750.5; xman_us_f=x_l=0&x_as_i=%7B%22aeuCID%22%3A%22ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA%22%2C%22affiliateKey%22%3A%225vBAQyBA%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%22197548986%22%2C%22src%22%3A%22link-c-tool%22%2C%22tagtime%22%3A1582304200077%7D&acs_rt=6eaf3396e0a84a50a6fe793ade2daed3; acs_usuc_t=x_csrf=ukg2f19o6exb&acs_rt=6eaf3396e0a84a50a6fe793ade2daed3; aeu_cid=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA; xman_t=qvYR8EYx26FOkwx5yGB7FUuzcGwE1S1SVCj24GS44rBUwTFAJar7VBMwkMGlvVw4; xman_f=lrbkAShwJ8E8i/I+1H8nNo4wxya72QDO1zWC7gmvpp0ZZ10DE1OBQMRs+fDApqIJbCCLuiYaucWGVMn3prMVlAnsMADfmo+WCe7y793M7UkrSoEbrfshBw==; XSRF-TOKEN=01e6b650-6f79-4875-8834-f7b5033a0d93
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.federalpay.org/

Response headers

status
200
content-type
text/html;charset=UTF-8
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
x-content-type-options
nosniff
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000 ; includeSubDomains max-age=31536000
server
Tengine/Aserver
eagleeye-traceid
0ab6f82415823041465601614e6a4b
timing-allow-origin
*
content-encoding
gzip
content-length
8656
cache-control
public, no-transform, max-age=36, s-maxage=120
expires
Fri, 21 Feb 2020 16:57:16 GMT
date
Fri, 21 Feb 2020 16:56:40 GMT

Redirect headers

status
302
content-length
0
p3p
CP="CAO PSA OUR"
location
https://sale.aliexpress.com/country@null/__pc/newuser_zone.htm?tmLog=NewuserZone_5983&af=b&72588&cn=amsterdam&cv=72588&dp=95.174.67.83&aff_request_id=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&aff_platform=link-c-tool&cpt=1582304200077&sk=5vBAQyBA&aff_trace_key=ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA&terminal_id=6eaf3396e0a84a50a6fe793ade2daed3
x-content-type-options
nosniff
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000 ; includeSubDomains max-age=31536000
server
Tengine/Aserver
eagleeye-traceid
0ab6f82215823042003685374e1057
timing-allow-origin
*
cache-control
public, no-transform, max-age=0, s-maxage=0
expires
Fri, 21 Feb 2020 16:56:40 GMT
date
Fri, 21 Feb 2020 16:56:40 GMT
set-cookie
xman_us_f=x_l=0&x_as_i=%7B%22aeuCID%22%3A%22ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA%22%2C%22affiliateKey%22%3A%225vBAQyBA%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%22197548986%22%2C%22src%22%3A%22link-c-tool%22%2C%22tagtime%22%3A1582304200077%7D&acs_rt=6eaf3396e0a84a50a6fe793ade2daed3; Domain=.aliexpress.com; Expires=Wed, 10-Mar-2088 20:10:47 GMT; Path=/; Secure; SameSite=None XSRF-TOKEN=01e6b650-6f79-4875-8834-f7b5033a0d93; Path=/; HttpOnly
like.php
www.facebook.com/v3.3/plugins/ Frame A995
0
0
Document
General
Full URL
https://www.facebook.com/v3.3/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Df15e24f027326d4%26domain%3Dwww.federalpay.org%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ffff775319311d8%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.facebook.com%2Ffederalpay&layout=box_count&locale=en_US&sdk=joey&share=false&show_faces=true&size=large
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=ba3dfc3d633a5f4c8aa7e9bdf2175dd7&ua=modern_es6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/v3.3/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Df15e24f027326d4%26domain%3Dwww.federalpay.org%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ffff775319311d8%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.facebook.com%2Ffederalpay&layout=box_count&locale=en_US&sdk=joey&share=false&show_faces=true&size=large
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.federalpay.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
fr=0Re4CmZ71P1vnf7XG..BeUAvJ...1.0.BeUAvJ.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.federalpay.org/

Response headers

status
200
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
strict-transport-security
max-age=15552000; preload
content-encoding
br
timing-allow-origin
*
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary
Accept-Encoding
x-content-type-options
nosniff
facebook-api-version
v3.3
x-xss-protection
0
content-type
text/html; charset="utf-8"
x-fb-debug
yY717jzdSMBDYJbpN3VpLITftndMvuVBptYTYjAWIi1fG9VMVRBsJkjEvIxgRRC6N6VaOfI4GmlL9NJ6aQpZyA==
date
Fri, 21 Feb 2020 16:56:41 GMT Fri, 21 Feb 2020 16:56:41 GMT
alt-svc
h3-24=":443"; ma=3600
share_button.php
www.facebook.com/v3.3/plugins/ Frame 65C3
0
0
Document
General
Full URL
https://www.facebook.com/v3.3/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Dfff2efb5bb3778%26domain%3Dwww.federalpay.org%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ffff775319311d8%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2F&layout=box_count&locale=en_US&sdk=joey&size=large
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=ba3dfc3d633a5f4c8aa7e9bdf2175dd7&ua=modern_es6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/v3.3/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Dfff2efb5bb3778%26domain%3Dwww.federalpay.org%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ffff775319311d8%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2F&layout=box_count&locale=en_US&sdk=joey&size=large
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.federalpay.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
fr=0Re4CmZ71P1vnf7XG..BeUAvJ...1.0.BeUAvJ.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.federalpay.org/

Response headers

status
200
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
strict-transport-security
max-age=15552000; preload
content-encoding
br
timing-allow-origin
*
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary
Accept-Encoding
x-content-type-options
nosniff
facebook-api-version
v3.3
x-xss-protection
0
content-type
text/html; charset="utf-8"
x-fb-debug
s/SSE++hMp06VeS21/h8KJXV4Op2k3SoyvptXScy6aRcZ9x7d9NhEMZiAxXiYqmjVr7/jdd/LEGAwtcpPJ2DFw==
date
Fri, 21 Feb 2020 16:56:41 GMT Fri, 21 Feb 2020 16:56:41 GMT
alt-svc
h3-24=":443"; ma=3600
sodar
pagead2.googlesyndication.com/getconfig/
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200219&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ad8bbf58c4e1090bca3dce777ea9a997a8804133b1f688f33a8bb0d2e1f7fbec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.federalpay.org/
Origin
https://www.federalpay.org
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 21 Feb 2020 16:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
5254
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
21 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9d6757384f86ea93a46cf05a185da797dd19a39053a0cc6e64759598f2bc05c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 16:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1580338855439378"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
8104
x-xss-protection
0
expires
Fri, 21 Feb 2020 16:56:41 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/206/ Frame 94CA
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/206/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.federalpay.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.federalpay.org/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4624
date
Fri, 21 Feb 2020 16:01:01 GMT
expires
Sat, 20 Feb 2021 16:01:01 GMT
last-modified
Tue, 19 Nov 2019 17:13:16 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
3340
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
gen_204
pagead2.googlesyndication.com/pagead/
0
58 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=206&t=2&li=gda_r20200219&jk=941244446724566&bg=!4OOl4_tYf-tgW2uAgvECAAAAM1IAAAAJmQFeCgY_HCkrgFUVSbi_v9If6T4_DQQ8UY3eB4qxuWeQ6IO_Arb6vT_LWqp9UNxP5Bw2kHgb4rVwKrTsMwAG8Aut8gSV5sgr1G_cuPZ1s-FoCAuO61NNQtXBciutXTN85xv21zGVPr2J4kY2Sq7RqyjeZI-YDaYElAxktRzMw3C14HDudFHu92ph7dWEjuw_we4Eumb7kIN-U6BakqrQw1RrZxiokygNuqtxd0_ApnuAIebdVg_kcSpaGoUCUsbp4UrP11LmZbqxQ_nV3vAq3SVaSC8nYfWrmiVTqfp_H4v2-K6izeGh11kv7pwwCZWrue_Wp3pEmupBn85bKzrNWgj4JFdlyrDe-hdXU6suK7iUmDFRx5uJCpcUqLSS8KLeT4a2hYKfn2ptJZ4NcjBPR6ZmbGxqlFewi1YAH2gZ0bvsXi5BmsDBlGblawdoKvHQbJdBie_PLx2136KRVC7ILPw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.federalpay.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 21 Feb 2020 16:56:41 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

190 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery object| adsbygoogle string| SearchID string| PubID string| GoogleAnalyticsObject function| ga function| printDiv object| FB object| google_js_reporting_queue number| google_srt object| google_ad_modifications object| google_logging_queue object| ggeac boolean| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots function| google_spfd object| google_sv_map object| google_t12n_vars boolean| _gfp_p_ number| google_lpabyc number| google_unique_id object| google_tag_data object| gaplugins object| gaGlobal object| gaData boolean| google_onload_fired object| google_ad_block object| google_ad_channel object| google_ad_client object| google_ad_format object| google_ad_height object| google_ad_host object| google_ad_host_channel object| google_ad_host_tier_id object| google_ad_layout object| google_ad_layout_key object| google_ad_output object| google_ad_region object| google_ad_section object| google_ad_slot object| google_ad_type object| google_ad_unit_key object| google_ad_dom_fingerprint object| google_ad_semantic_area object| google_ad_width object| google_adtest object| google_allow_expandable_ads object| google_alternate_ad_url object| google_alternate_color object| google_apsail object| google_captcha_token object| google_city object| google_color_bg object| google_color_border object| google_color_line object| google_color_link object| google_color_text object| google_color_url object| google_container_id object| google_content_recommendation_ad_positions object| google_content_recommendation_columns_num object| google_content_recommendation_rows_num object| google_content_recommendation_ui_type object| google_content_recommendation_use_square_imgs object| google_contents object| google_core_dbp object| google_country object| google_cpm object| google_ctr_threshold object| google_cust_age object| google_cust_ch object| google_cust_criteria object| google_cust_gender object| google_cust_id object| google_cust_interests object| google_cust_job object| google_cust_l object| google_cust_lh object| google_cust_u_url object| google_disable_video_autoplay object| google_bfa object| ebfa object| ebfaca object| google_eids object| google_enable_content_recommendations object| google_enable_ose object| google_encoding object| google_font_face object| google_font_size object| google_frame_id object| google_full_width_responsive_allowed object| efwr object| google_full_width_responsive object| gfwroh object| gfwrow object| gfwroml object| gfwromr object| gfwroz object| gfwrnh object| gfwrnwer object| gfwrnher object| google_gl object| google_hints object| google_image_size object| google_kw object| google_kw_type object| google_lact object| google_language object| google_loeid object| google_max_num_ads object| google_max_radlink_len object| google_max_responsive_height object| google_ml_rank object| google_mtl object| google_native_ad_template object| google_native_settings_key object| google_num_radlinks object| google_num_radlinks_per_unit object| google_only_pyv_ads object| google_override_format object| google_page_url object| google_pgb_reactive object| google_pucrd object| google_referrer_url object| google_region object| google_resizing_allowed object| google_resizing_height object| google_resizing_width object| rpe object| google_responsive_formats object| google_responsive_auto_format object| armr object| google_rl_dest_url object| google_rl_filtering object| google_rl_mode object| google_rt object| google_safe object| google_safe_for_responsive_override object| google_scs object| google_source_type object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_tag_origin object| google_tag_partner object| google_targeting object| google_tfs object| google_video_doc_id object| google_video_product_type object| google_video_url_to_fetch object| google_webgl_support object| google_yt_pt object| google_yt_up object| google_package object| google_debug_params object| google_enable_single_iframe object| dash object| google_refresh_count object| google_restrict_data_processing function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_jobrunner object| google_persistent_state_async object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| google_iframe_oncopy boolean| google_osd_loaded function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| j object| js object| ifrm object| ifrm2 object| GoogleGcLKhOms object| google_image_requests

19 Cookies

Domain/Path Name / Value
.aliexpress.com/ Name: _fbp
Value: fb.1.1582304201398.1768363458
.aliexpress.com/ Name: _gat
Value: 1
.aliexpress.com/ Name: _m_h5_tk_enc
Value: 31a7c9d84ee5ab69951a6ef130c81db7
.aliexpress.com/ Name: xman_t
Value: qvYR8EYx26FOkwx5yGB7FUuzcGwE1S1SVCj24GS44rBUwTFAJar7VBMwkMGlvVw4
.aliexpress.com/ Name: aeu_cid
Value: ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA
.aliexpress.com/ Name: acs_usuc_t
Value: x_csrf=ukg2f19o6exb&acs_rt=6eaf3396e0a84a50a6fe793ade2daed3
.aliexpress.com/ Name: xman_us_f
Value: x_l=0&x_as_i=%7B%22aeuCID%22%3A%22ea0cdf2ca8ac439ea7a7b1dc4dbd210a-1582304200077-07114-5vBAQyBA%22%2C%22affiliateKey%22%3A%225vBAQyBA%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%22197548986%22%2C%22src%22%3A%22link-c-tool%22%2C%22tagtime%22%3A1582304200077%7D&acs_rt=6eaf3396e0a84a50a6fe793ade2daed3
.doubleclick.net/ Name: IDE
Value: AHWqTUmAzsq0sha7lfnM522TzdNax-ef2vq8V7tHAmB30gr6J0oQjmyac2MPwv23
.aliexpress.com/ Name: ali_apache_id
Value: 11.227.116.54.158230420075.486750.5
.aliexpress.com/ Name: _gid
Value: GA1.2.1131523558.1582304201
.aliexpress.com/ Name: xman_f
Value: lrbkAShwJ8E8i/I+1H8nNo4wxya72QDO1zWC7gmvpp0ZZ10DE1OBQMRs+fDApqIJbCCLuiYaucWGVMn3prMVlAnsMADfmo+WCe7y793M7UkrSoEbrfshBw==
.federalpay.org/ Name: _gat
Value: 1
.aliexpress.com/ Name: _ga
Value: GA1.2.2017301920.1582304201
.federalpay.org/ Name: _ga
Value: GA1.2.333819529.1582304199
.federalpay.org/ Name: _gid
Value: GA1.2.857651052.1582304199
.aliexpress.com/ Name: cna
Value: yfnWFrRt6l0CAV+uQ1OdJiQ9
.aliexpress.com/ Name: _m_h5_tk
Value: 602b59dedd64eabab3d2d96bf7e281e5_1582306811249
sale.aliexpress.com/ Name: XSRF-TOKEN
Value: 01e6b650-6f79-4875-8834-f7b5033a0d93
.federalpay.org/ Name: __cfduid
Value: d7e243fd44ee1e89d9a098fd252fa59661582304198

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

100widgets.com
adservice.google.com
adservice.google.de
cdnjs.cloudflare.com
connect.facebook.net
cse.google.com
federalpay.com
googleads.g.doubleclick.net
korfo.org
pagead2.googlesyndication.com
pix.aws-ajax.com
s.click.aliexpress.com
sale.aliexpress.com
statica.site
stats.g.doubleclick.net
tpc.googlesyndication.com
tsystatic.com
www.facebook.com
www.federalpay.org
www.google-analytics.com
www.google.com
www.googletagservices.com
172.227.14.76
176.9.60.211
192.102.6.38
192.102.6.72
192.102.6.94
2001:4860:4802:32::15
2606:4700:20::681a:db4
2606:4700::6811:4004
2a00:1450:4001:809::2001
2a00:1450:4001:80b::200e
2a00:1450:4001:815::2002
2a00:1450:4001:81a::2002
2a00:1450:4001:81f::2002
2a00:1450:4001:821::2004
2a00:1450:4001:825::2002
2a00:1450:4001:825::200e
2a00:1450:400c:c01::9d
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
72.246.169.90
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05e3c578cd274123d78787fd820253d4bb2254e09c78507f9752dddbcf62d580
0a0acd631fd5704e940b9f486d3234aa9ab871881733f48d6edd3cb1f1a09ffc
0a450a92da271041893a519c9b9e1050b2229f74eb83ca5346e76203456d3691
14c4dc0641e9df922ce832a9dca0e90b0132c0298d1339fb6d40377b87b7fe6e
1b9e9ee767f3a3523078fd6803dfd17e4e3a42f2ccf20789b659b3633e3c0581
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
29cd37778c0e07fc33844b504ab55aba989f6a903bc4038227f5a53ae8346fa7
2e43605ca32da904932a2e10a42487bc21d61dbe71524d83aea328d8fb6348c7
3ab7760fda0c8e4cf6b71829c8c5e7f0bb15827fb9c73dbf64a61ce78a0aeeeb
3f8deef6abced6f261a224f33d210e1704f929dc92e7fb6fe3cedeac5ba41b03
4decdb536dce21fc4fbb16e0b1d5a1b3e86c79902e462b74b724c9b8aef4c756
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
5dcac686e5164bd55ca5cdee8e8b253ad4208eff9d8acd7a2947623def87fcc3
62dc744f1b95afa5eb1e760d372a7db84b8604e6d87edfd60e3be9cd59f69878
65f8ad4173570e057e22f21d5bd0ceeec8e58c7792a425110eeb85ebd4486e5d
6957ee1495fb247d4cf0ca4a1e5e372588df7ad06f8325295e062c545f7e10c6
753def12fae8722bef366a340b5ab7c34a15c8cd8432cdddb30d8f91ab987b96
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
865fa3bea1542f724eaa72b2a2ec9af3445570cd6be714f2b585536651d13756
87b54a8348e6c889fc92235ffb4f3dd186480cf6fa36ba973f9d3cb8e6e0afe3
9d6757384f86ea93a46cf05a185da797dd19a39053a0cc6e64759598f2bc05c0
a8af594e98124fdfb69db78da884375ca716f805d065ddea29cc4a025adacc09
aca7a374693fbd5f10e9688cfeaa76d533ea9e86fb95e30b31202a0a95da68c2
ad8bbf58c4e1090bca3dce777ea9a997a8804133b1f688f33a8bb0d2e1f7fbec
ad9b95dc8aec99a5335567c6f5f6df98de9a73db72d236b20363d94674ec65f8
aeec0ad5190554f3790537f97f900efe437f70d55a5d37f98929623ddb9462ae
b98f6a5ce66e34aa8219d1208b3534ccb4850e5b530390c7e757ecd62a8e733b
c0d4098bc8b34c6f87a3d7723988ae81214a53a0bb4a1d4d36a67640f98ed079
c2b7b41fcfd63f017e91a043cd1b0d83c30d1642fb611c9e3df583160bd05c5c
cfd76f8f2b5ed21afc907b2a26e5a1bad5664c9e6deaac474b7e6790354bd282
e36e8c67d4dc194c3e39dd2c7da7458cb770be08dc04899482cc57574cfd3f66
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
ef2ead4a9044e784eea668cbb8d2ce9c49908ab2055d2f94c94383225742f05c
f6c4922a766f43438bc1e22b0eb827608b136f914b07895ef58dbebbb18d30c2
f9b3fed53b0ade78909d91b0106c3608d88252fd9a826749d980ce8505eeecb6
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c