www.federalpay.org Open in urlscan Pro
2606:4700:20::ac43:4507 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
Submission Tags: falconsandbox
Submission: On June 30 via api (June 30th 2022, 8:40:37 pm UTC) from US — Scanned from DE

Summary HTTP 198 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 43 IPs in 8 countries across 33 domains to perform 198 HTTP transactions. The main IP is 2606:4700:20::ac43:4507, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.federalpay.org. The Cisco Umbrella rank of the primary domain is 112912.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 15th 2022. Valid for: a year.

This is the only time www.federalpay.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	2606:4700:20:... 2606:4700:20::ac43:4507	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:401... 2a00:1450:4017:801::2003	15169 (GOOGLE) (GOOGLE)
2	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
1 1	151.101.193.21 151.101.193.21	54113 (FASTLY) (FASTLY)
4	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:801::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:401... 2a00:1450:401b:80e::200e	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:27::... 2620:1ec:27::cafe:1501	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
22	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2 5	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3	20.75.32.255 20.75.32.255	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 27	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
18	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.150 178.250.2.150	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2a00:1450:400... 2a00:1450:400e:800::200a	15169 (GOOGLE) (GOOGLE)
1 1	209.140.129.66 209.140.129.66	11643 (EBAY) (EBAY)
1	104.75.89.51 104.75.89.51	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:401... 2a00:1450:401b:803::200e	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:401... 2a00:1450:4017:803::2003	15169 (GOOGLE) (GOOGLE)
3 7	216.58.215.98 216.58.215.98	15169 (GOOGLE) (GOOGLE)
3 5	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	185.33.221.90 185.33.221.90	29990 (ASN-APPNEX) (ASN-APPNEX)
5	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1 2	2a03:2880:f01... 2a03:2880:f01c:20e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
198	43

13 2606:4700:20::ac43:4507 (United States)

ASN13335 (CLOUDFLARENET, US)

www.federalpay.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4017:801::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.21 (United States) 1 redirects

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:401b:80e::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:27::cafe:1501 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.75.32.255 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

b.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.150 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400e:800::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.140.129.66 (United States) 1 redirects

ASN11643 (EBAY, US)
PTR: rover-public-slcaz01-1-1.ebay.com

www.ebayadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.89.51 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-51.deploy.static.akamaitechnologies.com

secureir.ebaystatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:401b:803::200e (Ireland)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4017:803::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 216.58.215.98 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: waw02s17-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.18.126 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.90 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:20e:face:b00c:0:2 (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

web.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 tpc.googlesyndication.com — Cisco Umbrella Rank: 160	607 KB
34	criteo.net static.criteo.net — Cisco Umbrella Rank: 606 pix.eu.criteo.net — Cisco Umbrella Rank: 6881 csm.eu.criteo.net — Cisco Umbrella Rank: 7033	276 KB
28	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 stats.g.doubleclick.net — Cisco Umbrella Rank: 119 cm.g.doubleclick.net — Cisco Umbrella Rank: 205 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 287	169 KB
15	gstatic.com www.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn3.gstatic.com fonts.gstatic.com	224 KB
13	federalpay.org www.federalpay.org — Cisco Umbrella Rank: 112912	92 KB
8	google.com 3 redirects cse.google.com — Cisco Umbrella Rank: 3240 www.google.com — Cisco Umbrella Rank: 8 adservice.google.com — Cisco Umbrella Rank: 92	3 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 579 b.clarity.ms — Cisco Umbrella Rank: 5183 c.clarity.ms — Cisco Umbrella Rank: 1113	26 KB
6	criteo.com rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 10664 ads.eu.criteo.com — Cisco Umbrella Rank: 7052 rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 13468 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 8884	101 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 179	254 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 231	80 KB
5	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 276	175 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 608 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 576	5 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 71	4 KB
4	facebook.com 1 redirects web.facebook.com — Cisco Umbrella Rank: 240 www.facebook.com — Cisco Umbrella Rank: 96	19 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 244	3 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49 region1.google-analytics.com — Cisco Umbrella Rank: 2733	20 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 532	140 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 7751	914 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 89	104 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 155	86 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 1936	2 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 182	554 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 336	457 B
1	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 629	166 B
1	openx.net rtb.openx.net — Cisco Umbrella Rank: 1589	350 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 907	356 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 635	98 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 1107	463 B
1	ebaystatic.com secureir.ebaystatic.com — Cisco Umbrella Rank: 4632	526 B
1	ebayadservices.com 1 redirects www.ebayadservices.com — Cisco Umbrella Rank: 4718	642 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 867	646 B
1	paypal.com 1 redirects www.paypal.com — Cisco Umbrella Rank: 2229	697 B
0	atdmt.com Failed ad.atdmt.com Failed
198	33

	Domain	Requested by
27	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
19	pagead2.googlesyndication.com	www.federalpay.org cdnjs.cloudflare.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
18	pix.eu.criteo.net	ads.eu.criteo.com
18	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.federalpay.org
14	static.criteo.net	ads.eu.criteo.com
13	www.federalpay.org	www.federalpay.org cdnjs.cloudflare.com
7	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
6	fonts.gstatic.com	fonts.googleapis.com
6	www.googletagservices.com	googleads.g.doubleclick.net
6	cdnjs.cloudflare.com	www.federalpay.org cdnjs.cloudflare.com ads.eu.criteo.com
5	s0.2mdn.net	www.federalpay.org s0.2mdn.net
5	fonts.googleapis.com	googleads.g.doubleclick.net cdnjs.cloudflare.com
5	www.google.com	2 redirects www.federalpay.org googleads.g.doubleclick.net tpc.googlesyndication.com
5	www.gstatic.com	www.federalpay.org googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	b.clarity.ms	www.clarity.ms
2	static.xx.fbcdn.net	www.facebook.com
2	c.clarity.ms	1 redirects
2	www.facebook.com	connect.facebook.net
2	web.facebook.com	1 redirects connect.facebook.net
2	googleads4.g.doubleclick.net	www.federalpay.org
2	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
2	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
2	csm.eu.criteo.net	ads.eu.criteo.com
2	cat.nl.eu.criteo.com	ads.eu.criteo.com
2	ads.eu.criteo.com	googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.clarity.ms	www.federalpay.org www.clarity.ms
2	www.google-analytics.com	www.federalpay.org
2	www.googletagmanager.com	www.federalpay.org www.googletagmanager.com
2	connect.facebook.net	www.federalpay.org connect.facebook.net
2	www.paypalobjects.com	www.federalpay.org
1	c.bing.com	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	image6.pubmatic.com	googleads.g.doubleclick.net
1	rtb.openx.net	googleads.g.doubleclick.net
1	odr.mookie1.com	googleads.g.doubleclick.net
1	id.rlcdn.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	secureir.ebaystatic.com	www.federalpay.org
1	www.ebayadservices.com	1 redirects
1	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net
1	rtb.nl.eu.criteo.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	region1.google-analytics.com	www.googletagmanager.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.paypal.com	1 redirects
1	cse.google.com	1 redirects
0	ad.atdmt.com Failed	googleads.g.doubleclick.net
198	52

This site contains links to these domains. Also see Links.

Domain
www.opm.gov
twitter.com
www.sba.gov

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-04-25` - `2023-04-25`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-04-09` - `2022-07-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-05-22` - `2022-08-24`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-05-27` - `2022-08-25`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-05-18` - `2022-08-13`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-12` - `2022-09-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh

This page contains 25 frames:

Primary Page: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
Frame ID: BFF17CD48F1ACB80AFD6D4A8D96402EE
Requests: 47 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20190131/zrt_lookup.html
Frame ID: 2079B5181108097226B0BD5B939C2B97
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&adk=1812271804&adf=3025194257&lmt=1656621631&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631055&bpp=4&bdt=293&idt=337&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=353
Frame ID: 37049B6E49EBCF507787AA8E103E4C65
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363
Frame ID: 5553FF90E0FBC519ECAC426384C4E181
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=280&slotname=7642463661&adk=1641099693&adf=3490918579&pi=t.ma~as.7642463661&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631062&bpp=2&bdt=300&idt=365&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C884x280&nras=1&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=2084&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=jFhOWuwUEs&p=https%3A//www.federalpay.org&dtd=367
Frame ID: 1D103C534BA49288A0F1C438F4DAFE5D
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=62564353&adf=1059711952&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631067&bpp=1&bdt=304&idt=366&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C884x280%2C884x280&nras=1&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=2580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=SLdKOVlQyj&p=https%3A//www.federalpay.org&dtd=369
Frame ID: 9C5D73746FBBEBD0B56BEE31041EA950
Requests: 7 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yr4KPwAH1tIIFU7jAAtg7Ba3B6fNiEeROybOtw&u=%7CNgqsUGjJiFQ5IpTgWN9FAC0uIrUDWD5%2FnepNwvCSiaE%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVIxOYy9o0MN5lNn1tXePsW0uB8q1FQhw4xVlInGSqQIZUCtgy2oyfd3WssJFzT-sRtQ1c5X0JREzdvaGnJMbScKZOE8EashF1y76yECx6-vauI2clOy-8OYi8p0nSN6SyxTV89kEmlkcWf9_1jVmaYk3yCG9vYJyXkWT_-rzS3ea4YYEcrTB2p3MuE-9wNRMuD595d1QQIdrVW9s168efxX_IQtWjCRYS5D9OJXt-1dKpyTfureEoYJRTtPj1QaiX05vzSA6AgarpLZ1KsBbqlCOx0McVNAru3eg8i4MNSbKu9DtF_wlQ6mQzDhVC9yCcjsgeq6uw50S8YlrA6XY6MhgkhA44CR9Fmjuo8BrNXjTYtdJeGgpH_y3YQBlAe1FilQhDeYUwGNToDWOGLqt3sc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCo-6MPwq-YtKtH-Od1fAP7MGtqAjJntKxXPXalvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA1ODMwNDc4NDMwMTI4NjagAdW20uoDyAEJqQLmfauE74-xPqgDAaoEgAJP0B5gazKogYRA0cOHmskb2aMEqSA8wFFAr__sTvT5tWW2Xiboi6M9mpDqpJenEP4pIVIEJA2wFvTLqPqpGqKjx9zHCoPI9aAsoswu9VVtgYDgAR5Rqr44UamKCCAFweLGTHneeLl8dx7ivQmyp6XAL1kc36yd9WUZRKTZi2ZNKPpkRlnjXxVjJsBKWFjN2yLHzKE-J5HWQ6E4IJzZXfEy_XQP_v7QllWErF8hlz-vAJa0XBBX0eno7WmVZFOVegDG5ECu35xVeMvp0WTCBYMQV2xsjDCmMVOSZte5e8YhoEMwf-Kf1PWGgG26xmGj_DtCwfAfbE9jISNpCo7KrdiugAbTpuexytSmvqQBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_22A50NnJ2tqAXOU2HXhE4thy2ccg%26client%3Dca-pub-0583047843012866%26adurl%3D
Frame ID: 431C037110FBD0B425D1B34691F22DFF
Requests: 21 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yr4KPwAH4DYK7flIAAcMRKw2fMPj64YtHjePWw&u=%7CNgqsUGjJiFT%2B8CWtgf04yIIUEMBv5Xbp%2BR1Cy87qxlw%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVKPU-CzOQKpP8_D_hDQnCXhmGLOwjfedDw5azSx4DbKlVtZJuIegvQ40ikRLPC28t6lPY7aOBx5BVIf6KqH3XkcC4gXnHHEu0JIkNpOmHre_pLqedZb5XuQrkCRy9aATjNFIVoi5dzcOfeVppQiq47NjNYD8bR5E9Fd8GRHsLTuBYe8vm2kEsG0xdgnetS_xxjdg5VgYnSL9oXtAVFVtFhswQYZFtvoAzXabDJEgqbZ0kmZ3B_tJ5VheCXpTLFQbO4zp_ZDrztICnIUvviYLazxPtXgynmXqupe1ncpdVktr334MtSnh4M-JIhdqJ9mWqnXtZVyvxQfKCtTfKjYNKeJqqJNlH1a0bKFMc2NHwm1tvKz_WYuF7_yvG4ZPA_XRuCACq6VAom7PtbL-6TiROES&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDhK7Pwq-YrbAH8jytwfEmJy4Dsme0rFclcmU93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMjI0NDg0NzY1NTkzNzgyOaAB1bbS6gPIAQmpAuZ9q4Tvj7E-qAMBqgSAAk_QiMyqIfSEXh0PGEtjacvSLTDcfD_lLSoDXuEpBSjYcQZD-1IwGehfMgRXpZk0eDC7w08_mR5HbDkIWcJsWZptmc9akwEBoSWAdP1f8Wir_uAHAZGSxtA6xxd6f691ijuLPWVX0DKoHmy2W44g8kovhUwm00-KT4U7oDO1u8S9lnl8ggWMIx1I15li0VuIheuWrPCCFXPLHglGHV7dGGBA2Bo2dT6Dl5_xTgiRe2w2zS_zWm1KXve46YKNDP23XWIXJm85dMY-RNQm0UZHO2F6XDzfIW73x6fm5_ql6cvwle0vC8iiBwoQnSSELCkP6dHa2gWXu1mDtOfqpAbpJzSABrn6je7ojPjawwGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_17k6a_a4PltEr9J1b0ETNH6AQ1Fg%26client%3Dca-pub-2244847655937829%26adurl%3D
Frame ID: 911F348DCEF759D091B3B977AE8CB678
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=23938113&pi=t.aa~a.3241399019~rp.4&w=160&fwrn=4&fwrnh=100&lmt=1656621632&rafmt=1&to=qs&pwprc=4787984413&psa=0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621632127&bpp=1&bdt=1364&idt=1&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D86cfd9429a42f5e9-2273a397c2cd0042%3AT%3D1656621631%3ART%3D1656621631%3AS%3DALNI_MZWUT9LoTHW5JDG45rgtsr2wT4IAQ&prev_fmts=0x0%2C884x280%2C884x280%2C884x280&nras=2&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1423&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=a89a6AiPiQ&p=https%3A//www.federalpay.org&dtd=15
Frame ID: AE1309AC9E21315D752125FE08D43B05
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1
Frame ID: 289738D7C2A5230A1A0D64490C0FF010
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1
Frame ID: F8659210B8731A5FDF20F0A60CA209DD
Requests: 10 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: DFCDE3B774D444E6954E045354188274
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 59DC984F6EE8DDAA651B57D27E3BCC28
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B74AB1D270E221DE7341628F00FF6F49
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js
Frame ID: F845FD3891CF6B02D5FBAAC76412C089
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YY8Ne3xQEwAQ&v=APEucNVLcpb3yOOp3E8t8omahKdsYCwiTPSqmVhkJH14PMiovcXFOu9BEVjgQwrHQxpBqgjujkT40qYOBh3hjirL0WDiZVbPyDMx9Awe-lK55Wd4qjkK64D7F0AzlWic8TTuHeeeMeIddmUnO2JypNg6Fr3bYEOsMGwFnnePqzJFAQmosKrMUzQ
Frame ID: CB7F15B9E88766C43FE4EAD00B58C395
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js
Frame ID: B592C93239614E674CD2FCE24B89D42D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7BB2F4D7BB782C22A3151117F8C6CDE8
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E30D9BE4EAEB3D77322D690C3C23B7D5
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js
Frame ID: E5D1D32FCCEDC92725EE25E55722F0D8
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/index.html
Frame ID: 9571FFD299352B15004329889BBFA2F1
Requests: 4 HTTP requests in this frame

Frame: https://web.facebook.com/v3.3/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3746448221d104%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff73e167e71816c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.facebook.com%2Ffederalpay&layout=box_count&locale=pl_PL&sdk=joey&share=false&show_faces=true&size=large&width=
Frame ID: C371C07B21636DF5323DD54642658994
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28cd68fc6a7a7%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff73e167e71816c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&layout=box_count&locale=pl_PL&sdk=joey&size=large&_rdc=1&_rdr
Frame ID: 8383D0B9A32F83E66247F5B73594CA85
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5DD6FD5A20CFD90C082F495F88DAC9BA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 394BBF513F790D620365AE67A119B16C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Kari Cattera in Tucson, AZ - SBA PPP Loan Data (Paycheck Protection Program)

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

198
Requests

94 %
HTTPS

60 %
IPv6

33
Domains

52
Subdomains

43
IPs

8
Countries

2388 kB
Transfer

5889 kB
Size

27
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.opm.gov/
Title: OPM.GOV

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Kari+Cattera+in+Tucson%2C+Arizona+received+2+PPP+loans+totaling+%2437%2C714+from+the+SBA.+Jobs%3A+1+Industry%3A+Racetracks.+Search+all+SBA+Paycheck+Protection+Program+loan+records+on+FederalPay.%20federalpay.org/paycheck-protection-program/kari-cattera-tucson-az&hashtags=FederalPay,PPP
Title: Tweet This

Search URL Search Domain Scan URL

URL: https://www.sba.gov/funding-programs/loans/coronavirus-relief-options/paycheck-protection-program
Title: Small Business Administration (SBA)

Search URL Search Domain Scan URL

URL: https://www.sba.gov/sites/default/files/2020-06/How-to-Calculate-Loan-Amounts-508_1.pdf
Title: official SBA PPP calculation rules

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 301
https://www.gstatic.com/prose/brandjs.js

Request Chain 14

https://www.paypal.com/en_US/i/scr/pixel.gif HTTP 301
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Request Chain 94

https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-163300-122643-2&mkcid=4&mkevt=2&mpt=2634377385&gdpr=&gdpr_consent=&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=551583 HTTP 301
https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

Request Chain 112

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD34sLimAEQgAkYgQkyCLhTVvxEnQYN HTTP 301
https://tpc.googlesyndication.com/simgad/2401371329490837093

Request Chain 144

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 145

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 154

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJckRB84QX77YnJ9Iv_lgJ4&google_cver=1

Request Chain 155

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yr4KQABpD7ZS4PgeiqIAgQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJckRB84QX77YnJ9Iv_lgJ4&google_cver=1

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJt3HV7q2li81nZCXX-BJeA&google_cver=1

Request Chain 157

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ0MDMzNzExNDE0MDM4NjcxMQ%3D%3D

Request Chain 169

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFpuj1CElLFcLNk1zqdZCTo&google_cver=1&google_push=ARnp8GDc9MqPzCO5AaZUAqAmPoVqiZhNi0eLy8fCdvmog3qBFuLhKeUc1LdpqcxoOX5H7ls6O9jp63tDtutVdpA1OD6tNkMEtGTR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUxSFFXUkwtRi0yWFVE&google_push=ARnp8GDc9MqPzCO5AaZUAqAmPoVqiZhNi0eLy8fCdvmog3qBFuLhKeUc1LdpqcxoOX5H7ls6O9jp63tDtutVdpA1OD6tNkMEtGTR

Request Chain 170

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJuexybCkJFgfXmU_8h3a9k&google_cver=1&google_push=ARnp8GArNa9SKsZchwF03TYCCoc34Z5p3MKhhzdviwKSh_56sqfg8cCdBR8BLe25tuqGwtVklPmQAG7iQi5EKB8H8d9kQAeGErTq HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJuexybCkJFgfXmU_8h3a9k&google_hm=Yr4KQABpD7ZS4PgeiqIAgQAACLsAAAAB&google_nid=index&google_push=ARnp8GArNa9SKsZchwF03TYCCoc34Z5p3MKhhzdviwKSh_56sqfg8cCdBR8BLe25tuqGwtVklPmQAG7iQi5EKB8H8d9kQAeGErTq

Request Chain 185

https://web.facebook.com/v3.3/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28cd68fc6a7a7%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff73e167e71816c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&layout=box_count&locale=pl_PL&sdk=joey&size=large HTTP 302
https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28cd68fc6a7a7%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff73e167e71816c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&layout=box_count&locale=pl_PL&sdk=joey&size=large&_rdc=1&_rdr

Request Chain 186

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=52025E0D04BF402B9D839581FE718B28&RedC=c.clarity.ms&MXFR=2BB4D2E93B47638723D1C33A3F476DEE HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=52025E0D04BF402B9D839581FE718B28&MUID=15D28241E0616E5A1CFB9392E10A6F6C

198 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request kari-cattera-tucson-az Show response
www.federalpay.org/paycheck-protection-program/ 31 KB
9 KB 458ms
400ms Document
text/html 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd7604746393f2ddcde6438b9e3770c74c80c4d4bc1828c4a37e8a00433b9787

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7239b7a5cc369134-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 30 Jun 2022 20:40:30 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2FHq%2BFy%2FslKYbKIv4hiskVCP1lyP7mqo%2FK%2BL1dRH%2F47WW72PsT2N%2FlUb9fGE6ldC9pdENQDlJKRGd%2B6Gu4mSu8uQMvQf51GbUMx5AMHGPfMth4QPKOoseAB6b1cQ93rBDu5wab6byA7FbIxm45wVJg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/ 118 KB
16 KB 36ms
17ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4233347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16098
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04010-1d9ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tp0GqmdILOZ1RbD4yDESMNVJHf%2BES99E08WdySLDjviLxlfTsQeV5cke8JIWKN56mvAxUrTG4ZydwvuJP7NbM3mv7J%2F4NY2bhyGXhIan%2F6LslH9UVXnyVQAztR57GWesOjrsgdsRcuJQXP0ighVEaFed"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7239b7a86f636939-FRA
expires: Tue, 20 Jun 2023 20:40:30 GMT

GET
H2 200 styles.css
www.federalpay.org/resources/css/ 11 KB
3 KB 37ms
36ms Stylesheet
text/css 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.federalpay.org/resources/css/styles.css?v=2019-10-19

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6c4922a766f43438bc1e22b0eb827608b136f914b07895ef58dbebbb18d30c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 886
cf-polished: origSize=14936
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"605182f4-3a58"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ruui0fnS4mOeTARXfAK7V5oR9O%2FtyjCnZp8357vSSh4LlL7GO7iq6VGmUeIkrTBBey5qkyxaMRIXVbeusS9vrR963GntsjpbbSKPZ6yxhD3c%2FHjqEUOJEr3F2icGZZHNU1XK5lpvF%2B6zbjGiRrnVA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2678400
cf-ray: 7239b7a8491a9134-FRA
cf-bgj: minify

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/ 82 KB
26 KB 38ms
20ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0d4098bc8b34c6f87a3d7723988ae81214a53a0bb4a1d4d36a67640f98ed079

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3015380
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 26657
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-14938"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3BOzWycM7a4bygIQ%2B6kEvY6fBCcwqfWt1CyZ6zXkX1SUXOksh%2FrvEn5ie9a5R1shP%2BsCHa5XpaqGDZZ%2BLKylWbwOTSv2R3Lgrx3FSfNkxldaoGw9eafu0UsPkJvtyEMpPYMZYVlkcII9BWzQpwOOAsar"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7239b7a86f666939-FRA
expires: Tue, 20 Jun 2023 20:40:30 GMT

GET
H2 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/ 36 KB
9 KB 41ms
23ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/bootstrap.min.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3111218
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8654
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04010-9004"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MGd3IaNj63zVNVeixsKGBZ1D3DzRJydj44995xuRE5a1afQlnCzblG65zYA8ji%2FH0sGg97rA0oFA78w9Gt28hD4vyxEhjWKRuJ46vdp%2BMbbcMes0RpLpfW%2F2ZfZ2hFUc38LCOcj241vKb7X1zZVnQE5S"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7239b7a86f686939-FRA
expires: Tue, 20 Jun 2023 20:40:30 GMT

GET
H3 200 global.js Show response
www.federalpay.org/resources/js/ 3 KB
2 KB 23ms
22ms Script
application/javascript 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.federalpay.org/resources/js/global.js?v=0.2.2

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

943183889713daa24baaf124084e45f92a1912b81130c6383eb03dffeb554293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3802
cf-polished: origSize=4017
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"605182f4-fb1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7r2Hgu0gisWt7JRvqxiYnSAElGBv1XbXZBqinwwPb%2Btg4Sf4OLIxlvA1xGoldKzzVQo%2Fs5Bjjv6jFM%2BunSZte7IEDjSYv66r%2BlwNny%2B%2FV7IjN3NyArFmFLiueE3c1yytXzbXzYRNxS8wT1Qxt1%2Faw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=2678400
cf-ray: 7239b7a89a0e699f-FRA
cf-bgj: minify

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 162 KB
56 KB 166ms
79ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0e4497b19bc78d6847909052181ad2e48e8499e60962c4d3bbe16816a643ac1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56412
x-xss-protection: 0
server: cafe
etag: 2981056117674474330
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 30 Jun 2022 20:40:30 GMT

GET
H3 200 invisible.js Show response
www.federalpay.org/cdn-cgi/challenge-platform/h/b/scripts/ 45 KB
17 KB 20ms
19ms Script
application/javascript 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.federalpay.org/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1656619200
Requested by: Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22f90456ef5e2b1d7320127400d1383cc7a97a583efd49eea5df2b184e3a5c7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qmWTt5Mp1xiyC08JJbAAFY5lDbY7IWA%2F23QCvVoppyNvyyfFUpKKBCQg7sd9mgIywPyAfrAaqBXM27rFxwg2cNifTOb1eb7sAlh0ytY8LKTRhjafgy%2BreBSDSfq%2FUzR%2FSn5J14kmhSlnVg0Ny3L15w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 7239b7a8aa2c699f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 logo.png
www.federalpay.org/resources/img/ 2 KB
2 KB 196ms
194ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/logo.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef2ead4a9044e784eea668cbb8d2ce9c49908ab2055d2f94c94383225742f05c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1854
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "605182f4-73e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NPehSvEDSKS7ltiZ%2FsMLqRz3tPlBxO7F8lA0n1%2FQJOfs%2FqHXAuTxtSwT3I71HlpnsxbwaQuvLb3gc2jZao36CiI%2Fbtn%2B0Di8VMl8q0vj4nbFiaFDGpVRHQGcIylPtwNElf6Q5lHwCdMj%2BqS%2Ffgrnww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 7239b7a8aa34699f-FRA

GET
H2

200

brandjs.js Show response
www.gstatic.com/prose/
Redirect Chain

https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
https://www.gstatic.com/prose/brandjs.js

14 KB
6 KB

204ms
57ms

Script
text/javascript

2a00:1450:4017:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/prose/brandjs.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Server

2a00:1450:4017:801::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 11:22:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33486
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5807
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 15:14:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Fri, 01 Jul 2022 11:22:25 GMT

Redirect headers

date: Thu, 30 Jun 2022 20:13:03 GMT
x-content-type-options: nosniff
server: sffe
age: 1647
content-type: text/html; charset=UTF-8
location: https://www.gstatic.com/prose/brandjs.js
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
expires: Thu, 30 Jun 2022 20:43:03 GMT

GET
H3 200 opm-seal.png
www.federalpay.org/resources/img/ 33 KB
33 KB 197ms
195ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/opm-seal.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4decdb536dce21fc4fbb16e0b1d5a1b3e86c79902e462b74b724c9b8aef4c756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 33448
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "605182f4-82a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ap1ZMp4srFOCziwEOcUdAcTWkb8U%2BZOjlPE1BWMriZjrn8KxUxYXvrv3NCb%2BqDr9STwr3%2BQ8UaCw%2FxWUSofKwIW%2BQNnNVcw6VA4BjfQcenk0qKMS1ZeUkwCh1idB4G%2BEmyHQGbyBfWrSDk%2F1%2B4545A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 7239b7a8aa36699f-FRA

GET
H3 200 logo-red.png
www.federalpay.org/resources/img/ 2 KB
2 KB 203ms
201ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/logo-red.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ab7760fda0c8e4cf6b71829c8c5e7f0bb15827fb9c73dbf64a61ce78a0aeeeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1907
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "605182f4-773"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CJv7oyhwCr7IihVszOOObck77nLuCLfHJXhgy0t3o7v%2Bg4haOzfaSOfYsOazA68w2axbhaZkYoONnQ954%2Bgd2akI6zNTxezk1VIvy22cu8cmz4plH7BU4KItpgoUKtlBqPZrsw7LHb7E5QCQQWWcMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 7239b7a8aa39699f-FRA

GET
H3 200 employee.svg
www.federalpay.org/resources/img/ 1 KB
1 KB 187ms
185ms Image
image/svg+xml 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/employee.svg

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c8c266275471879e1045e1b40d236ef72032da94110ed5837eb1eb10c26dd2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"605182f4-52c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RyLcwclJ8SYVAx0w9ZN8gL406Aex7l0vFxNgmDaoibf%2FhyBM9cMy9SM%2F13Fd%2FvesFF2jO9tYLT3AhKZKi7GXweW7t50u3tnVLfAiM3pI%2FXdhARmzE0ux3jobkicj%2BGgSanBevmjhdgAJR1FpBP%2BkgA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=2678400
cf-ray: 7239b7a8aa3b699f-FRA

GET
H3 200 tweet.png
www.federalpay.org/resources/img/ 1 KB
2 KB 204ms
202ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/tweet.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43d3bea2567fb23db60f47dbc6769540a6f8e36f7a1537e4ac6cc83ada60b025

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1177
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "605182f4-499"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ON5ES%2BXdLpP5b3Uwh%2BZ0EJDok1hS4QoCCZF4Mte2InBastZMndZ%2FPMdO0%2Ban59S1YT8Bin5oq%2FaxKFc%2B2eSgtrkkvyZCS3CmrIyjUJG2IfG3Rcy2Pm6DNcYIKUn3sAEFuOsr7V14Fvm8DewTQYZ1rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 7239b7a8aa3e699f-FRA

GET
H2 200 btn_donate_SM.gif
www.paypalobjects.com/en_US/i/btn/ 1 KB
2 KB 78ms
15ms Image
image/gif 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (muc/3372) /

Resource Hash

b14234740394e59287bce1f6f3a594a8f221b382552b35658f1ef15d16ee662b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
x-content-type-options: nosniff
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
server: ECAcc (muc/3372)
etag: "5d5637bd-5a7"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
content-type: image/gif
paypal-debug-id: eb515818cc9c0
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
dc: ccg11-origin-www-1.paypal.com
content-length: 1447
expires: Thu, 30 Jun 2022 21:40:30 GMT

GET
H2

200

pixel.gif
www.paypalobjects.com/en_US/i/scr/
Redirect Chain

https://www.paypal.com/en_US/i/scr/pixel.gif
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

43 B
188 B

17ms
16ms

Image
image/gif

192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (muc/3381) /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
x-content-type-options: nosniff
last-modified: Fri, 16 Aug 2019 04:57:34 GMT
server: ECAcc (muc/3381)
etag: "5d5637be-2b"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
content-type: image/gif
paypal-debug-id: 81b5359302d60
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
dc: ccg11-origin-www-1.paypal.com
content-length: 43
expires: Thu, 30 Jun 2022 21:40:31 GMT

Redirect headers

date: Thu, 30 Jun 2022 20:40:31 GMT
via: 1.1 varnish
traceparent: 00-0000000000000000000f659124204ccd-f6ec4bb264c5a757-01
x-timer: S1656621631.888694,VS0,VE140
x-served-by: cache-hhn4033-HHN
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS
location: https://www.paypalobjects.com/en_US/i/scr/pixel.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: f659124204ccd
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
accept-ranges: bytes
dc: ccg11-origin-www-1.paypal.com
content-length: 0
x-cache-hits: 0

GET
H3 200 logo-blue-trans.png
www.federalpay.org/resources/img/ 10 KB
10 KB 185ms
184ms Image
image/png 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.federalpay.org/resources/img/logo-blue-trans.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fe6d13fa599e5de72b45ad29add45befb6100f913992b0ba80744b319dd1724

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9890
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Mar 2021 04:17:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "605182f4-26a2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=my3AiNhABLDY1SKdrbLw%2FH%2B%2B2fAdTgsGM43okY15DqwXH%2B3e0b19nglbT%2BxZ53ymao9dPytiThlfdpdS70KmW7fESg2%2BUFJIUXYWoWHM97UzXQFuhy9%2FFHgbBZVUi%2F2ctrKnEN%2F3Swh2OmJpvhZBZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 7239b7a8aa40699f-FRA

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 30ms
7ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8e8d673cf3215b6037b351fae6cfd67c06e3a20b5f607207ee9aabb87ae17ca1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.federalpay.org/
Origin: https://www.federalpay.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: bxJChF9kqKIgGuZ2SKrKGQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: gN7pvUfZdehwlbeg8A0xdSvJqKOFRk9T2NPsOIF1fP4lU5/fxqwEJW4lL2OMhM2ro0mmbIX30CBx+QZszQnjYw==
x-fb-trip-id: 917726464
x-fb-content-md5: 5621198bd418fd9844f949bbd6edcb37
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 30 Jun 2022 20:40:30 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "ee182bdab401640e47ff61e7179fd24e"
timing-allow-origin: *
expires: Thu, 30 Jun 2022 20:59:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 87 KB
34 KB 130ms
50ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PBK8X4G

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e2ca57ee8e29d812d75dad379eeffa81f200e4ab0878cb15c4b60c92cd00802d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34519
x-xss-protection: 0
last-modified: Thu, 30 Jun 2022 20:16:05 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Jun 2022 20:40:30 GMT

GET
H3 200 glyphicons-halflings-regular.woff2
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/fonts/ 18 KB
18 KB 32ms
21ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba3fe63eac33e099b1600d123a80bc075696219926d63f6adc4b9401aad71ca9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css
Origin: https://www.federalpay.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 10800703
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18028
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04010-466c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y1xZdU7MahiP0jGl8CUCfFZsqkPID%2BccgdXOA26CNsvyj4RpmJg3XQC6YcARx0fV88sMKyPmetY5XicdQWSlItGUkcZpeuxWJda4QsM2SKcuQBCjQuazW1j%2FlGN10PCIy2wcU%2BMnZlys%2FflFcR7V0J5u"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7239b7a8db9f6997-FRA
expires: Tue, 20 Jun 2023 20:40:30 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 153ms
44ms Script
text/javascript 2a00:1450:401b:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:401b:80e::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4071
date: Thu, 30 Jun 2022 19:32:40 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 30 Jun 2022 21:32:40 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 116 KB
39 KB 100ms
98ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js?_=1656621630816

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2ea67ffb17b1041dd754561f2afe8a977de25e7e675b5a6a24b824c85879258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39829
x-xss-protection: 0
server: cafe
etag: 12044337546885389417
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 30 Jun 2022 20:40:30 GMT

POST
H3 200 holiday-banner Show response
www.federalpay.org/ 17 B
563 B 184ms
184ms XHR
application/json 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.federalpay.org/holiday-banner

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f8deef6abced6f261a224f33d210e1704f929dc92e7fb6fe3cedeac5ba41b03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ASbjIzPRarf65k9QW0Xi6kq%2FmlnJY%2B%2BP7Pj3YMp%2Bi4Sq1Ox82serlkdJw6h3P65VARHaEMTAaSZAM2zLagA5NU3Ft4GurehiI%2F8slFw09%2Bq%2FQjIS1Iwl1EJhbJCISKWQPlSfbSeIoRSkwHqPLfqjyg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-ray: 7239b7a96b35699f-FRA
vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 294 KB
84 KB 18ms
9ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=355d8f2e8d159c2bf5ce3090e3d8102e

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

da1a3b3b62d70a2716174f3a66757911eea4904c706c909baf664e1d6ca18c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.federalpay.org/
Origin: https://www.federalpay.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: +9edGer5k0GufMdnHCgqCw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 86041
x-fb-rlafr: 0
x-fb-debug: 0FfWoRhK+entHPzTaOlGSu5SGiKmqVIB7P/lkyaosDLz/ZwnLASLCORNXZZH6RoIoPXieaRFP+NXQINFd7V1zw==
x-fb-content-md5: b134cbd4dad765311b609514d7afe863
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 30 Jun 2022 20:40:30 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "884f03a14dc8db5c2bc06cd17e6ac4d6"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 30 Jun 2023 19:47:20 GMT

GET
H3 200 pica.js
www.federalpay.org/cdn-cgi/challenge-platform/h/b/scripts/ 23 KB
9 KB 18ms
18ms Other
application/javascript 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.federalpay.org/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by: Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b7a0f003683f9a959f9b2977b4edaac6e5c81921c0ed89c8d380941ff5228eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N2Z%2BpLw1pEHllXgOf1AJaKnZoTN8wZMmz8vdke%2BNmsu%2FlERb1TzNWXlAa2%2FPEIL1sxZU9Wu2n68m4cQN03gHyZqfhNw9fgIgNwi5r4tEYbh1oX%2BCy%2FH3vvxcXpRWQBmZWn09PiHc4Zfur4OlwtotyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 7239b7a97b41699f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 196 KB
70 KB 125ms
50ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-69P9YCZJQH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PBK8X4G

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a4671bb1628ee29282edd52e7575bd45e435f2a381c8dd120fa121a2c4c7b73d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71259
x-xss-protection: 0
expires: Thu, 30 Jun 2022 20:40:31 GMT

GET
H2 200 c5hu6eqo5c Show response
www.clarity.ms/tag/ 2 KB
2 KB 197ms
116ms Script
application/x-javascript 2620:1ec:27::cafe:1501
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/c5hu6eqo5c?ref=gtm2
Requested by: Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1501 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 80348bcab329157707e771f99704f6f6bbc56b2e375509e84c54bec6fd56cfed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
x-powered-by: ASP.NET
x-azure-ref: 0Pwq+YgAAAABxxpmRCnVFSY9kgdjpXMk9QlJVMzBFREdFMDQxOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
content-length: 1643
expires: -1

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206290101/ 340 KB
120 KB 140ms
63ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-0583047843012866&plah=www.federalpay.org&bust=31068289

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb5cab8d0f2d329578c252536c21c723f04d486c281d7ca418bb591e7f007ea3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122454
x-xss-protection: 0
server: cafe
etag: 2679628577207051924
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 30 Jun 2022 20:40:31 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220628/r20190131/ Frame 2079 10 KB
5 KB 117ms
35ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220628/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 18089
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4414
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 15:39:02 GMT
etag: 10429905676100781186
expires: Thu, 14 Jul 2022 15:39:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 7239b7a5cc369134 Show response
www.federalpay.org/cdn-cgi/challenge-platform/h/b/cv/result/ 2 B
733 B 36ms
36ms XHR
text/plain 2606:4700:20::ac43:4507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.federalpay.org/cdn-cgi/challenge-platform/h/b/cv/result/7239b7a5cc369134
Requested by: Host: www.federalpay.org
URL: https://www.federalpay.org/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1656619200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4507 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h2N592mQj%2BApAxzipSw6ksdkSWUd%2BluF%2BUPrXP3qaAuEdblex6xqkOG8YbjdTlP%2FsdXK6Z%2FaIkkb4w9Ekz4Dmc%2FajBGxjJ507juukk8fRudg1cBSw7THVhMiqPtTpR0qgaYoZd5h%2BI4ay331kZr7bA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7239b7abce87699f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
442 B 57ms
19ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-41947475-7&cid=228871077.1656621631&jid=2060184357&gjid=405914523&_gid=1111950166.1656621631&_u=IGBAgEABAAAAAE~&z=1600589946

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.federalpay.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 30 Jun 2022 20:40:31 GMT
content-type: text/plain
access-control-allow-origin: https://www.federalpay.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 131ms
43ms Image
image/gif 2a00:1450:401b:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=796335041&t=pageview&_s=1&dl=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&ul=en-us&de=UTF-8&dt=Kari%20Cattera%20in%20Tucson%2C%20AZ%20-%20SBA%20PPP%20Loan%20Data%20(Paycheck%20Protection%20Program)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEAB~&jid=2060184357&gjid=405914523&cid=228871077.1656621631&tid=UA-41947475-7&_gid=1111950166.1656621631&z=953276273

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:401b:80e::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 08:59:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 42069
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2/s/0.6.34/ 53 KB
23 KB 106ms
106ms Script
application/javascript 2620:1ec:27::cafe:1501
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2/s/0.6.34/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/c5hu6eqo5c?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1501 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:30 GMT
content-encoding: br
etag: "1d88bc3d8d26054"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 0Pwq+YgAAAAA+XP3NZl9OQIKuiZD6/96uQlJVMzBFREdFMDQxOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges: bytes
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

POST
H2 204 collect
region1.google-analytics.com/g/ 0
350 B 114ms
41ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-69P9YCZJQH&gtm=2oe6t0&_p=796335041&_z=ccd.v9B&cid=228871077.1656621631&ul=en-us&sr=1600x1200&_s=1&sid=1656621631&sct=1&seg=0&dl=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&dt=Kari%20Cattera%20in%20Tucson%2C%20AZ%20-%20SBA%20PPP%20Loan%20Data%20(Paycheck%20Protection%20Program)&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-69P9YCZJQH&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.federalpay.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 branding.png
www.google.com/cse/static/images/1x/en/ 1 KB
2 KB 130ms
39ms Image
image/png 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/en/branding.png

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 07:29:50 GMT
x-content-type-options: nosniff
age: 565841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1372
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Sat, 24 Jun 2023 07:29:50 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 218 B
646 B 111ms
38ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.federalpay.org&callback=_gfp_s_&client=ca-pub-0583047843012866

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206290101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-0583047843012866&plah=www.federalpay.org&bust=31068289

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

5b1aa52495203e4769f095d2f3ecabc73bf7a626fdead2659cc738366f38dec8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 202
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 132ms
45ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.federalpay.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 20:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 138ms
51ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.federalpay.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 20:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3704 234 KB
61 KB 597ms
524ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&adk=1812271804&adf=3025194257&lmt=1656621631&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631055&bpp=4&bdt=293&idt=337&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=353

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6ad11c37b399c0deae59208dcfbdf2b0ac7abe880bc90c3fb71c8d1cb7ace60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 62657
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 20:40:31 GMT
expires: Thu, 30 Jun 2022 20:40:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5553 97 KB
31 KB 679ms
620ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

139f371de00926473cd5d7b5e541259a0187ba80fce66ccfbe864bdd8de9730d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 31286
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 20:40:32 GMT
expires: Thu, 30 Jun 2022 20:40:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1D10 22 KB
9 KB 395ms
343ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=280&slotname=7642463661&adk=1641099693&adf=3490918579&pi=t.ma~as.7642463661&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631062&bpp=2&bdt=300&idt=365&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C884x280&nras=1&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=2084&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=jFhOWuwUEs&p=https%3A//www.federalpay.org&dtd=367

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c428fd4e912ba8982bf9b8f61e18de4931ee1408ef9b5e364354926694ad70e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9563
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 20:40:31 GMT
expires: Thu, 30 Jun 2022 20:40:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9C5D 22 KB
9 KB 399ms
353ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=62564353&adf=1059711952&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631067&bpp=1&bdt=304&idt=366&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C884x280%2C884x280&nras=1&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=2580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=SLdKOVlQyj&p=https%3A//www.federalpay.org&dtd=369

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01f367b07bd9d3c11f565ac5fb32520856dcb7b4b18fade31b6be51dd51df482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9546
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 20:40:31 GMT
expires: Thu, 30 Jun 2022 20:40:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect Show response
b.clarity.ms/ 0
178 B 397ms
190ms XHR
text/plain 20.75.32.255
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://b.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.federalpay.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://www.federalpay.org
date: Thu, 30 Jun 2022 20:40:31 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 1D10 3 KB
1 KB 164ms
50ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=280&slotname=7642463661&adk=1641099693&adf=3490918579&pi=t.ma~as.7642463661&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631062&bpp=2&bdt=300&idt=365&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C884x280&nras=1&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=2084&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=jFhOWuwUEs&p=https%3A//www.federalpay.org&dtd=367

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:39:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1D10 138 KB
43 KB 167ms
53ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 20:40:31 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 1D10 17 KB
8 KB 152ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 370
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:34:21 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1D10 0
0 79ms
79ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CJWdCPwq-YtKtH-Od1fAP7MGtqAjJntKxXPXalvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA1ODMwNDc4NDMwMTI4NjagAdW20uoDyAEJqQLmfauE74-xPqgDAaoE_QFP0B5gazKogYRA0cOHmskb2aMEqSA8wFFAr__sTvT5tWW2Xiboi6M9mpDqpJenEP4pIVIEJA2wFvTLqPqpGqKjx9zHCoPI9aAsoswu9VVtgYDgAR5Rqr44UamKCCAFweLGTHneeLl8dx7ivQmyp6XAL1kc36yd9WUZRKTZi2ZNKPpkRlnjXxVjJsBKWFjN2yLHzKE-J5HWQ6E4IJzZXfEy_XQP_v7QllWErF8hlz-vAJa0XBBX0eno7WmVZFOVegDG5ECu35xVeMvp0WTCBYMQV2xsjDCmMRGQR0U-9FoyH98k3DKicg2PlGcMzE-7fo-K_Fbt01FPOabDjp11gAbTpuexytSmvqQBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0wNTgzMDQ3ODQzMDEyODY2GAA&sigh=ZaNHkUgpv2E&uach_m=[UACH]&cid=CAQSGwCNIrLMdyxpaSSrUbdJ9-2_iftfccV4TZw9cxgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=280&slotname=7642463661&adk=1641099693&adf=3490918579&pi=t.ma~as.7642463661&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631062&bpp=2&bdt=300&idt=365&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C884x280&nras=1&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=2084&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=jFhOWuwUEs&p=https%3A//www.federalpay.org&dtd=367
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Jun 2022 20:40:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 30 Jun 2022 20:40:31 GMT

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame 1D10 0
0 204ms
52ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kLeyEsz6RPQGmAKdg2ICAgAAAJhMl3zHv4RjED8KvmIPjWXtqPsQsy0zlQASAAA&wp=Yr4KPwAH1tIIFU7jAAtg7Ba3B6fNiEeROybOtw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
server: Kestrel
server-processing-duration-in-ticks: 303910
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 431C 165 KB
49 KB 197ms
167ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yr4KPwAH1tIIFU7jAAtg7Ba3B6fNiEeROybOtw&u=%7CNgqsUGjJiFQ5IpTgWN9FAC0uIrUDWD5%2FnepNwvCSiaE%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVIxOYy9o0MN5lNn1tXePsW0uB8q1FQhw4xVlInGSqQIZUCtgy2oyfd3WssJFzT-sRtQ1c5X0JREzdvaGnJMbScKZOE8EashF1y76yECx6-vauI2clOy-8OYi8p0nSN6SyxTV89kEmlkcWf9_1jVmaYk3yCG9vYJyXkWT_-rzS3ea4YYEcrTB2p3MuE-9wNRMuD595d1QQIdrVW9s168efxX_IQtWjCRYS5D9OJXt-1dKpyTfureEoYJRTtPj1QaiX05vzSA6AgarpLZ1KsBbqlCOx0McVNAru3eg8i4MNSbKu9DtF_wlQ6mQzDhVC9yCcjsgeq6uw50S8YlrA6XY6MhgkhA44CR9Fmjuo8BrNXjTYtdJeGgpH_y3YQBlAe1FilQhDeYUwGNToDWOGLqt3sc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCo-6MPwq-YtKtH-Od1fAP7MGtqAjJntKxXPXalvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA1ODMwNDc4NDMwMTI4NjagAdW20uoDyAEJqQLmfauE74-xPqgDAaoEgAJP0B5gazKogYRA0cOHmskb2aMEqSA8wFFAr__sTvT5tWW2Xiboi6M9mpDqpJenEP4pIVIEJA2wFvTLqPqpGqKjx9zHCoPI9aAsoswu9VVtgYDgAR5Rqr44UamKCCAFweLGTHneeLl8dx7ivQmyp6XAL1kc36yd9WUZRKTZi2ZNKPpkRlnjXxVjJsBKWFjN2yLHzKE-J5HWQ6E4IJzZXfEy_XQP_v7QllWErF8hlz-vAJa0XBBX0eno7WmVZFOVegDG5ECu35xVeMvp0WTCBYMQV2xsjDCmMVOSZte5e8YhoEMwf-Kf1PWGgG26xmGj_DtCwfAfbE9jISNpCo7KrdiugAbTpuexytSmvqQBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_22A50NnJ2tqAXOU2HXhE4thy2ccg%26client%3Dca-pub-0583047843012866%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

df31df5a9d4fbf404f0ea887e0a124083accbcdbe9bf098f6632183cc903ddc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 20:40:31 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=I4ULhOcupumI3fAFp3NxyOunDwE0igbryM3EPkaKG8RdLM4BUqCVyMaQ-OLebD2Pyqh_y2Yi-GpePVi2byU3q03DxCJxFTzheMwrip4N8Hq2XJfDIO38pz5MsSeEj7CVfIGFwB5z7sGC_C41XCERGuyyLNI5sXhTbHnPpn-lbc8PBwZ7sW9D7dRak178fXDdDiKb6XM2SVxg2uGoG8qT18PVCNAydF1InfPiuOY817NfntcV9oIG7x7hCnwyhumxJwgp6g"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 146544190
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 9C5D 3 KB
1 KB 156ms
51ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=62564353&adf=1059711952&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631067&bpp=1&bdt=304&idt=366&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C884x280%2C884x280&nras=1&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=2580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=SLdKOVlQyj&p=https%3A//www.federalpay.org&dtd=369

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:39:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9C5D 138 KB
42 KB 206ms
101ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 20:40:31 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 9C5D 17 KB
7 KB 148ms
43ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 370
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:34:21 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9C5D 0
0 82ms
81ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CEL1ZPwq-YrbAH8jytwfEmJy4Dsme0rFclcmU93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMjI0NDg0NzY1NTkzNzgyOaAB1bbS6gPIAQmpAuZ9q4Tvj7E-qAMBqgT9AU_QiMyqIfSEXh0PGEtjacvSLTDcfD_lLSoDXuEpBSjYcQZD-1IwGehfMgRXpZk0eDC7w08_mR5HbDkIWcJsWZptmc9akwEBoSWAdP1f8Wir_uAHAZGSxtA6xxd6f691ijuLPWVX0DKoHmy2W44g8kovhUwm00-KT4U7oDO1u8S9lnl8ggWMIx1I15li0VuIheuWrPCCFXPLHglGHV7dGGBA2Bo2dT6Dl5_xTgiRe2w2zS_zWm1KXve46YKNDP23XWIXJm85dMY-RNQm0UZHO2F6XDzfIW73haXHdX0qddhPCfmM2_UE_wMEl5KOAjGNXRnnfPcopXWbMU1ut7mABrn6je7ojPjawwGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTIyNDQ4NDc2NTU5Mzc4MjkYAA&sigh=hheuKKMQfvE&uach_m=[UACH]&cid=CAQSGwCNIrLM2Shok26qmHeSSjxHuttjGU7nFfUHtRgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=62564353&adf=1059711952&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631067&bpp=1&bdt=304&idt=366&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C884x280%2C884x280&nras=1&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=2580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=SLdKOVlQyj&p=https%3A//www.federalpay.org&dtd=369
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Jun 2022 20:40:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 30 Jun 2022 20:40:31 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 9C5D 0
0 61ms
19ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kPSWEsz6RPQGmAKdg2ICAgAAAIj-jny526BdED4KvmJLUQKVwVnDSY1JbgASAAA&wp=Yr4KPwAH4DYK7flIAAcMRKw2fMPj64YtHjePWw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
server: Kestrel
server-processing-duration-in-ticks: 223750
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 911F 164 KB
52 KB 109ms
89ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yr4KPwAH4DYK7flIAAcMRKw2fMPj64YtHjePWw&u=%7CNgqsUGjJiFT%2B8CWtgf04yIIUEMBv5Xbp%2BR1Cy87qxlw%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVKPU-CzOQKpP8_D_hDQnCXhmGLOwjfedDw5azSx4DbKlVtZJuIegvQ40ikRLPC28t6lPY7aOBx5BVIf6KqH3XkcC4gXnHHEu0JIkNpOmHre_pLqedZb5XuQrkCRy9aATjNFIVoi5dzcOfeVppQiq47NjNYD8bR5E9Fd8GRHsLTuBYe8vm2kEsG0xdgnetS_xxjdg5VgYnSL9oXtAVFVtFhswQYZFtvoAzXabDJEgqbZ0kmZ3B_tJ5VheCXpTLFQbO4zp_ZDrztICnIUvviYLazxPtXgynmXqupe1ncpdVktr334MtSnh4M-JIhdqJ9mWqnXtZVyvxQfKCtTfKjYNKeJqqJNlH1a0bKFMc2NHwm1tvKz_WYuF7_yvG4ZPA_XRuCACq6VAom7PtbL-6TiROES&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDhK7Pwq-YrbAH8jytwfEmJy4Dsme0rFclcmU93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMjI0NDg0NzY1NTkzNzgyOaAB1bbS6gPIAQmpAuZ9q4Tvj7E-qAMBqgSAAk_QiMyqIfSEXh0PGEtjacvSLTDcfD_lLSoDXuEpBSjYcQZD-1IwGehfMgRXpZk0eDC7w08_mR5HbDkIWcJsWZptmc9akwEBoSWAdP1f8Wir_uAHAZGSxtA6xxd6f691ijuLPWVX0DKoHmy2W44g8kovhUwm00-KT4U7oDO1u8S9lnl8ggWMIx1I15li0VuIheuWrPCCFXPLHglGHV7dGGBA2Bo2dT6Dl5_xTgiRe2w2zS_zWm1KXve46YKNDP23XWIXJm85dMY-RNQm0UZHO2F6XDzfIW73x6fm5_ql6cvwle0vC8iiBwoQnSSELCkP6dHa2gWXu1mDtOfqpAbpJzSABrn6je7ojPjawwGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_17k6a_a4PltEr9J1b0ETNH6AQ1Fg%26client%3Dca-pub-2244847655937829%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

df332a29db424e7bf51c0f249ccbd3d5b3d22665ad882c2e253db6a34338b051

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 20:40:31 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=mHAAi-cupumI3fAFzeDYv2Scdr2n-yHkShVMvJzUCO8JoQm2AtaRB4wLXZADG9T6iQPKOxN1gCQCYKt2_RS92-CXs3IMec2mBNetXrHjJ6o20RXMbih4YBHnFTXre1rn5uFIyoy_hkcuET3pHJsf0uiDQvB8bycMkM8O7UT2qzAUePPxVyVjLRZqtyqDWFDUWhkD3D0VcMM1NRGPSQBCkGB01bvdy8ClwyHPxI0Rzil-CR8IIcjJyl3q0NBLgGqx6cG2nS8avItgRg0E"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 73169583
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 911F 2 KB
1 KB 48ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yr4KPwAH4DYK7flIAAcMRKw2fMPj64YtHjePWw&u=%7CNgqsUGjJiFT%2B8CWtgf04yIIUEMBv5Xbp%2BR1Cy87qxlw%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVKPU-CzOQKpP8_D_hDQnCXhmGLOwjfedDw5azSx4DbKlVtZJuIegvQ40ikRLPC28t6lPY7aOBx5BVIf6KqH3XkcC4gXnHHEu0JIkNpOmHre_pLqedZb5XuQrkCRy9aATjNFIVoi5dzcOfeVppQiq47NjNYD8bR5E9Fd8GRHsLTuBYe8vm2kEsG0xdgnetS_xxjdg5VgYnSL9oXtAVFVtFhswQYZFtvoAzXabDJEgqbZ0kmZ3B_tJ5VheCXpTLFQbO4zp_ZDrztICnIUvviYLazxPtXgynmXqupe1ncpdVktr334MtSnh4M-JIhdqJ9mWqnXtZVyvxQfKCtTfKjYNKeJqqJNlH1a0bKFMc2NHwm1tvKz_WYuF7_yvG4ZPA_XRuCACq6VAom7PtbL-6TiROES&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDhK7Pwq-YrbAH8jytwfEmJy4Dsme0rFclcmU93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItMjI0NDg0NzY1NTkzNzgyOaAB1bbS6gPIAQmpAuZ9q4Tvj7E-qAMBqgSAAk_QiMyqIfSEXh0PGEtjacvSLTDcfD_lLSoDXuEpBSjYcQZD-1IwGehfMgRXpZk0eDC7w08_mR5HbDkIWcJsWZptmc9akwEBoSWAdP1f8Wir_uAHAZGSxtA6xxd6f691ijuLPWVX0DKoHmy2W44g8kovhUwm00-KT4U7oDO1u8S9lnl8ggWMIx1I15li0VuIheuWrPCCFXPLHglGHV7dGGBA2Bo2dT6Dl5_xTgiRe2w2zS_zWm1KXve46YKNDP23XWIXJm85dMY-RNQm0UZHO2F6XDzfIW73x6fm5_ql6cvwle0vC8iiBwoQnSSELCkP6dHa2gWXu1mDtOfqpAbpJzSABrn6je7ojPjawwGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_17k6a_a4PltEr9J1b0ETNH6AQ1Fg%26client%3Dca-pub-2244847655937829%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 911F 2 KB
1 KB 49ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 911F 308 B
636 B 45ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 911F 293 B
621 B 41ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 911F 43 B
348 B 55ms
18ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=yBCnp7wQntlCFvaPFLg9a6Cl-ma6wZuwDWdH6ZELHlpvSij8n95ryoomeWV73eUce9KmsaiXcnKxKPPfZNQ4aVZgryDoGii9EdDRzOefEO6mjcI3yeVw-0ezrGXfXB2ztJGABTRxgePr2R3eh_DLr947Y89qrNgTx0D9Kf1DwsntFJWf1NfLobrkiQXWrh5FfHMK34ccFim8qZ6PRUC8BcCam0icFZ7tsQhKw_q01SLWfmLLGAoLpqkIhho2vkrijtG0PVAMme85OYFqOEKRqZs3E0HnXId4VCcUCR3OkHR1UVU-zFQxyZIk73m-k0zWpPtLWr09JAjefaUJUJSeWryggYz_NtqYgik0Lrjxct3mYu5pwKorWL7HXMb-jzw-CarPaSA2Zi3daIVrC62K2oV7eY707Xn0Be5FbNsE_HxT2rdEMt0-FruFRlo4EviPfSvmyg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:31 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3403445
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 911F 12 KB
5 KB 47ms
30ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2507722
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gb%2BOjID8d2wZU51hORuIbwvI9vHAR6hb7jRgCp2eU5ekKTXDkr%2Br%2BcIQE7C%2BHSLZPMrQTa59w1%2BsR4aUz4JnT6ogoneLO6dC0XxyytJyXI82Wtq5VjnisQEBF%2FvZj%2BzK9aFNGjSXh5vesSJ%2B766jjIwm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7239b7b05d5b9112-FRA
expires: Tue, 20 Jun 2023 20:40:32 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 911F 12 KB
6 KB 18ms
17ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 911F 7 KB
7 KB 78ms
31ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=556&m=0&partner=35641&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F35643%2F200515%2F787697b7fe984fe49ac189fc092e0972_my-protein-logo-2000x2000-white.png&v=3&w=196&s=01omjkono1-i6x_wzabm4TI1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

1fa16b01e976d07660ebbecb42fa90fe390d9560e32e65832aa2873b4988ba12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30433772
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7399
expires: Sun, 18 Jun 2023 02:30:04 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 911F 100 KB
100 KB 83ms
36ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=1200&m=0&partner=35641&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F35641%2F211229%2Fc2bcbbacc28c438c82de73b8858adb40_img_square_1.png&v=3&w=1200&s=N0gldciDreAV8_6h92JHqPMD

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

0f3690f18b09e492b365bbd822267af1b062612997733f09d7c0f1c02b252b15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=29094348
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 102048
expires: Fri, 02 Jun 2023 14:26:20 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 911F 8 KB
9 KB 64ms
17ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F12775387-6224873340003655.jpg&v=3&w=400&s=YJu3WzVsREGRi6tyM_cLDCOO&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

7c1823ae6c3268e05b770f3b168b52d23e4ef611c1ff63dd2123fa011724e25f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=24758172
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 8660
expires: Thu, 13 Apr 2023 09:56:45 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 911F 6 KB
7 KB 77ms
30ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F12402305-9904811713882503.jpg&v=3&w=400&s=TvPeZylymhXX50Xdn42K_76a&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

7f1d0f9dd348984a2a73b9da1e5d50d23c71b1d0b305c8ed0adc214cfea66fde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=27471535
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 6440
expires: Sun, 14 May 2023 19:39:27 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 911F 5 KB
5 KB 81ms
35ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10530657-1444924184327073.jpg&v=3&w=400&s=MEStyYpMxF7e7-aWEcpkS_qs&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

74de4d96a9227b0959f62e505d2594fc5bc2c641c0b61588f017019c7248ea3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=16438912
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5026
expires: Sat, 07 Jan 2023 03:02:24 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 911F 5 KB
5 KB 80ms
34ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10530911-5884889444360331.jpg&v=3&w=400&s=7HDI4EHoUbCvvkYiAxDMQCbY&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

4cf64ae6b2f84eca11c5d7d891ffbed726ff6c5783ffb4eef30412b86a3187ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=27326150
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5310
expires: Sat, 13 May 2023 03:16:22 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 911F 6 KB
6 KB 61ms
60ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10529701-1724835571924615.jpg&v=3&w=400&s=FUx3cbhCdkXaJIQpRmyVC9oF&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e25a70bc376bba702bc225d598379a969d89e3f59cdf993bd57d49f532cbbc29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=22423736
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5946
expires: Fri, 17 Mar 2023 09:29:28 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 911F 5 KB
5 KB 61ms
59ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10530943-1224889444460882.jpg&v=3&w=400&s=p2do7Hg4x1dqHrCwFX4QSEzM&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

82d9db9be470425d2ea1bcf736037aaadf2f8fadafa2816b343df24013afc653

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=4729296
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5262
expires: Wed, 24 Aug 2022 14:22:08 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 911F 5 KB
5 KB 63ms
62ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2Fproductimg%2F960%2F960%2F10530050-9574620647469231.jpg&v=3&w=400&s=x7rB_BiZ3Ntr85TDQHY32CHP&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

9d47816d0f275c8c2e3ab4fc230ce61d1372fc6b2202e7299c1bcc04f47b9b8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=27651121
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5200
expires: Tue, 16 May 2023 21:32:34 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 911F 8 KB
8 KB 64ms
63ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F12081406-7264793218197882.jpg&v=3&w=400&s=TAhW343EjEf1CrCbPUSVeqJU&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e803b28f5592d9fad97a153d3fa46d9690d5740e352d087dd3d817df4de9704a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=27496223
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7814
expires: Mon, 15 May 2023 02:30:55 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 911F 8 KB
8 KB 65ms
63ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=35641&q=80&r=0&u=https%3A%2F%2Fs4.thcdn.com%2F%2Fproductimg%2F960%2F960%2F10530745-1604858591625175.jpg&v=3&w=400&s=8cCvJbdNYx8vY6__HMu_Z0Rl&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

bed3202c2cbcd2c0e4f8fcc31fa24fd52575ead8d9d3f53a806f1b75cde7b650

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=24589948
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7842
expires: Tue, 11 Apr 2023 11:13:01 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 911F 0
128 B 49ms
14ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=mHAAi-cupumI3fAFzeDYv2Scdr2n-yHkShVMvJzUCO8JoQm2AtaRB4wLXZADG9T6iQPKOxN1gCQCYKt2_RS92-CXs3IMec2mBNetXrHjJ6o20RXMbih4YBHnFTXre1rn5uFIyoy_hkcuET3pHJsf0uiDQvB8bycMkM8O7UT2qzAUePPxVyVjLRZqtyqDWFDUWhkD3D0VcMM1NRGPSQBCkGB01bvdy8ClwyHPxI0Rzil-CR8IIcjJyl3q0NBLgGqx6cG2nS8avItgRg0E&sds=2&rev=81891&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 30 Jun 2022 20:40:31 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 911F 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 911F 2 KB
1 KB 20ms
20ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 431C 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yr4KPwAH1tIIFU7jAAtg7Ba3B6fNiEeROybOtw&u=%7CNgqsUGjJiFQ5IpTgWN9FAC0uIrUDWD5%2FnepNwvCSiaE%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37ds0oDHxEuxeKn7Xrp6ainli_Cmw5dJSudhYAqTqyTVIxOYy9o0MN5lNn1tXePsW0uB8q1FQhw4xVlInGSqQIZUCtgy2oyfd3WssJFzT-sRtQ1c5X0JREzdvaGnJMbScKZOE8EashF1y76yECx6-vauI2clOy-8OYi8p0nSN6SyxTV89kEmlkcWf9_1jVmaYk3yCG9vYJyXkWT_-rzS3ea4YYEcrTB2p3MuE-9wNRMuD595d1QQIdrVW9s168efxX_IQtWjCRYS5D9OJXt-1dKpyTfureEoYJRTtPj1QaiX05vzSA6AgarpLZ1KsBbqlCOx0McVNAru3eg8i4MNSbKu9DtF_wlQ6mQzDhVC9yCcjsgeq6uw50S8YlrA6XY6MhgkhA44CR9Fmjuo8BrNXjTYtdJeGgpH_y3YQBlAe1FilQhDeYUwGNToDWOGLqt3sc&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCo-6MPwq-YtKtH-Od1fAP7MGtqAjJntKxXPXalvdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTA1ODMwNDc4NDMwMTI4NjagAdW20uoDyAEJqQLmfauE74-xPqgDAaoEgAJP0B5gazKogYRA0cOHmskb2aMEqSA8wFFAr__sTvT5tWW2Xiboi6M9mpDqpJenEP4pIVIEJA2wFvTLqPqpGqKjx9zHCoPI9aAsoswu9VVtgYDgAR5Rqr44UamKCCAFweLGTHneeLl8dx7ivQmyp6XAL1kc36yd9WUZRKTZi2ZNKPpkRlnjXxVjJsBKWFjN2yLHzKE-J5HWQ6E4IJzZXfEy_XQP_v7QllWErF8hlz-vAJa0XBBX0eno7WmVZFOVegDG5ECu35xVeMvp0WTCBYMQV2xsjDCmMVOSZte5e8YhoEMwf-Kf1PWGgG26xmGj_DtCwfAfbE9jISNpCo7KrdiugAbTpuexytSmvqQBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_22A50NnJ2tqAXOU2HXhE4thy2ccg%26client%3Dca-pub-0583047843012866%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 431C 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 431C 308 B
636 B 18ms
17ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 431C 293 B
621 B 15ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 431C 43 B
347 B 18ms
18ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=LoL72ToB7TCCTMqLYakkUYvsUH6f-tGt6zw7kos01OQ1jBdjROTgJiNMV84KJBpJmKvaj3SgI3MTuuB3OLldgVSkxuanouQTUYiBB2KZpFoP_93XsMPkihKsyjlMxux4J4kZgcShbvrIEKXtC6q5cqF_SnX0XZoO4VdnAkxAUJlEoQrHVdJmuiyG_LurCpM92g71EgUjdvKIq-rfvzQ_RO3cp-Gqtpej2elR27dmD3oPo0Q7Rb2KOUB0b4AsXDV-q6dhoJFXAHdGFwC4EWPfR42VlJ2K_d9CZmR-GA-uuygtRgLw8_FZwbR43dnkMDuvU_FgVBco9M7bIlEFgeqWgZg_QpYq6SaOKie_fHFdUKu_CfMrWU5ULe2FtvzJdevaGG-okVX9Ps071RojWDl7Wpz9AdxtegjP2NMAgsnpHwR5ArcGcbjbLMrge-7LQnFvWtJ3Kw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:31 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3424045
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206290101/ 149 KB
53 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206290101/reactive_library_fy2019.js?bust=31068289

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e98c85a4d5857cf36fbed998f6f96fcc43836304f8e7a04382f10cb4100fb6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54415
x-xss-protection: 0
server: cafe
etag: 5020263175737615658
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Jun 2022 20:40:32 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 118ms
44ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.federalpay.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 120ms
47ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.federalpay.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AE13 18 KB
10 KB 357ms
356ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=23938113&pi=t.aa~a.3241399019~rp.4&w=160&fwrn=4&fwrnh=100&lmt=1656621632&rafmt=1&to=qs&pwprc=4787984413&psa=0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621632127&bpp=1&bdt=1364&idt=1&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D86cfd9429a42f5e9-2273a397c2cd0042%3AT%3D1656621631%3ART%3D1656621631%3AS%3DALNI_MZWUT9LoTHW5JDG45rgtsr2wT4IAQ&prev_fmts=0x0%2C884x280%2C884x280%2C884x280&nras=2&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1423&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=a89a6AiPiQ&p=https%3A//www.federalpay.org&dtd=15

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

145020662373e30af855206c7f3f0d193b39c3984a0927a9f71167408ec4e666

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 9928
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 20:40:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1D10 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90eb655b43d41ea856b9bb0213994bd9c53ea36f7ffc62e2353008b5a1c0ad9a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 5553 2 KB
1 KB 52ms
20ms Stylesheet
text/css 2a00:1450:400e:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:800::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Jun 2022 20:10:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Jun 2022 20:40:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Jun 2022 20:40:32 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 5553 2 KB
902 B 131ms
51ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:30:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:30:08 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/ Frame 5553 21 KB
8 KB 121ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:35:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:35:13 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 5553 3 KB
1 KB 114ms
49ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:39:18 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5553 138 KB
42 KB 124ms
49ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 20:40:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame 5553 17 KB
7 KB 118ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 371
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:34:21 GMT

GET
H3 200 e335c40f4e500f406840f7159cec7b48.js Show response
www.gstatic.com/mysidia/ Frame 5553 31 KB
13 KB 177ms
58ms Script
text/javascript 2a00:1450:4017:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e335c40f4e500f406840f7159cec7b48.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4017:801::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

204ee979949dff78fdc0b391fe74c9b8fe736abd65a1f0a6af80cb01bcfb8587

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 02:36:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65029
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13085
x-xss-protection: 0
last-modified: Thu, 30 Jun 2022 02:13:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 28 Sep 2022 02:36:43 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 911F 5 KB
764 B 49ms
22ms Stylesheet
text/css 2a00:1450:400e:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400%7CRoboto:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek,latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:800::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

45b4df3791f15848f459acfcdb947c967d32a2ab208189ad19236126e23a8637

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Jun 2022 20:40:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Jun 2022 20:40:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Jun 2022 20:40:32 GMT

GET
DATA 200
OK truncated
/ Frame 9C5D 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: afecffb787dd86256277a47f6eafb581a29e99b8bca122c41c59aaf4c992d1de

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

view_pixel_1x1.gif Show response
secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/ Frame 5553
Redirect Chain

https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-163300-122643-2&mkcid=4&mkevt=2&mpt=2634377385&gdpr=&gdpr_consent=&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=551583
https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

43 B
526 B

59ms
7ms

Fetch
image/gif

104.75.89.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Server

104.75.89.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-89-51.deploy.static.akamaitechnologies.com

Software

ebay server /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

suppress-x-frame-options: true
content-encoding: gzip
x-content-type-options: nosniff
x-cache-lookup: HIT from include-cache-2:80
x-cdn: AKAMAI
akamai-grn: , 0.906656b8.1656621632.ab50c58e
vary: Accept-Encoding
content-length: 57
x-xss-protection: 1; mode=block
server: ebay server
date: Thu, 30 Jun 2022 20:40:32 GMT
strict-transport-security: max-age=31536000
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
rlogid: t6q%60uebwh%3D9whhq%60uebwh*ubej%3A%28rbpv6710-180a4f781b5-0xc6
access-control-allow-headers: *
expires: Fri, 30 Jun 2023 20:40:32 GMT

Redirect headers

date: Thu, 30 Jun 2022 20:40:32 GMT
accept-ch: sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-ua-full-version
strict-transport-security: max-age=31536000
location: https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif
cache-control: private,no-cache,no-store
x-envoy-upstream-service-time: 32
rlogid: t6baubqsodf%3F%3Cumjgcp%60tqjfc*%3At0od%28rbpv6713-181b6580c63-0x2361
content-length: 0
server: ebay-proxy-server

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5553 0
0 81ms
80ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CUN1DPwq-YrjbIIOMtge_7KGYBo3D8e9q5PuE3IQP3f6fpoAYEAEg58ywIGCV4pCCoAegAe2DzcEDyAEJqQLmfauE74-xPqgDAcgDywSqBIMCT9D4g1BnKbXkHdwtJB0oFNZBcauVi5N3bDghSmw0IDF39eEdybhizochD24X8ti2nTSThza-KAy-jPWbb0-eKTm6HpUhVsN--tJAF136fSuD58gXzUqCWMvK1JMrxeOXHadCDvwZL875mczJrZrsBzBwdZ3HwqGZ81dlvpzmACWsuxlZ-_H0uvbuEIM_Pgif51kjxKbazrtFoQOYk1YePC6TLFMOGpNOj6i_qi5K9ngCDBU94nIVSPBIKE7dNG1udWo_w8eVF2bp6iMxttGccnmC7Sv-eBDIy6vs92RLPwkOlW88IPDmN4hFfTmtOoTBU_IbGKbvoLoZE51T8GN-E9fyKcAEksiu9uUDkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB_v7sj6oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwQQuPcE0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwuIFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItMjI0NDg0NzY1NTkzNzgyORgA&sigh=XRjuQQGm2Kw&uach_m=[UACH]&template_id=494

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Jun 2022 20:40:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 431C 12 KB
5 KB 21ms
21ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2507722
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nhs3Rc1Qsn6Y6XGREDNsNCul%2Fe%2FqibmHYAWLuBbSQ2PwXVj1dIhqF8iRFi4reU2HNOGrwCpH1cXcLeDdkGs%2Fj3ODbhIyuG3QI6qpQ%2B7Fl66MO8cfQuNgdDQF1BgV2juNIYWFgKIHWx%2B0bV0dzkilFiLw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7239b7b15e899112-FRA
expires: Tue, 20 Jun 2023 20:40:32 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 431C 12 KB
6 KB 16ms
16ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 431C 8 KB
8 KB 18ms
16ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=556&m=0&partner=36918&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F36918%2F210225%2F33d784040a48408e8c6dedc4aa03c63b_logo_leasingmarkt_de_endorsement.png&v=3&w=196&s=bV7eT_BQdCtHYe9XVj2QlQ_C

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

5cdaf6aae2dabbdc998aa46fe673b49e901ec1810832273aeb47ae58e1e7b003

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28889241
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 8168
expires: Wed, 31 May 2023 05:27:53 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 431C 10 KB
10 KB 22ms
20ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=36918&q=80&r=0&u=https%3A%2F%2Fwww.leasingmarkt.de%2Fad%2F5807301%2Fmedia%2Ffeed%2F600x450&v=3&w=800&s=4WrAhLliUguRdn6z6MlI4ZHF&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

7f967d94e5d04cedfa0cf660e6f65c1be38d723c4096147214218e378c595790

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 10070
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 431C 8 KB
8 KB 23ms
21ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=36918&q=80&r=0&u=https%3A%2F%2Fwww.leasingmarkt.de%2Fad%2F5891958%2Fmedia%2Ffeed%2F600x450&v=3&w=800&s=vEswzhjZvwbhjIQ24qEGP5d2&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

b888f4950683c3ac869c1c8cf340c011526e7320c402a82e59e2860194c81ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7830
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 431C 13 KB
13 KB 19ms
17ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=36918&q=80&r=0&u=https%3A%2F%2Fwww.leasingmarkt.de%2Fad%2F6702432%2Fmedia%2Ffeed%2F600x450&v=3&w=800&s=mQbh19ktpdmrxeNQFsLIffzG&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

7ef8a8c9ff10c0ab0a20c33b7e1346431a2bc3052ea7b489cc8c9cb8234539c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 13070
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 431C 15 KB
15 KB 21ms
19ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=36918&q=80&r=0&u=https%3A%2F%2Fwww.leasingmarkt.de%2Fad%2F6575277%2Fmedia%2Ffeed%2F600x450&v=3&w=800&s=8m0fvWtHXt_Y8GVsbkKcNDO1&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

8cd0821955ada2d7922b40e87a22ff2b916af87106984ecee7875e6b84916c0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 15206
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 431C 20 KB
20 KB 19ms
18ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=36918&q=80&r=0&u=https%3A%2F%2Fwww.leasingmarkt.de%2Fad%2F5773098%2Fmedia%2Ffeed%2F600x450&v=3&w=800&s=Pz9Q3KwDrmqmTmxCUdvhqzVL&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

9ddb491a5e0aa451fb393c8a4ebacee5eddb082307b03c9da1c0ae71cb930d02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 20620
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 431C 10 KB
11 KB 17ms
16ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=36918&q=80&r=0&u=https%3A%2F%2Fwww.leasingmarkt.de%2Fad%2F5948790%2Fmedia%2Ffeed%2F600x450&v=3&w=800&s=AR7w3gH-Ywi9v1jZe4XG0LSg&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

f895332e52aec590d6bbd9d76253cee4af1482cd1e1bebdaaed387d26441dafa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 10564
expires: Sun, 25 Jun 2023 20:40:32 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 431C 0
127 B 14ms
14ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=I4ULhOcupumI3fAFp3NxyOunDwE0igbryM3EPkaKG8RdLM4BUqCVyMaQ-OLebD2Pyqh_y2Yi-GpePVi2byU3q03DxCJxFTzheMwrip4N8Hq2XJfDIO38pz5MsSeEj7CVfIGFwB5z7sGC_C41XCERGuyyLNI5sXhTbHnPpn-lbc8PBwZ7sW9D7dRak178fXDdDiKb6XM2SVxg2uGoG8qT18PVCNAydF1InfPiuOY817NfntcV9oIG7x7hCnwyhumxJwgp6g&sds=2&rev=81891&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 30 Jun 2022 20:40:31 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 431C 2 KB
1 KB 18ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 431C 2 KB
1 KB 28ms
28ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 25 Jun 2023 20:40:32 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 5553 27 KB
27 KB 175ms
81ms Image
image/jpeg 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQMia5xRz6wJClJeZ5I5SDNkwhCoSVN-rR8uDKCRv7Jz8eigBHXQ-i-jo3Ojg&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d1c67a35e25f04bc565639252e7da0b80c665dd4fd80bc6e0d8464fb54b6134

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 17:57:03 GMT
x-content-type-options: nosniff
age: 96209
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27454
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 11:33:17 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 29 Jun 2023 17:57:03 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 5553 23 KB
23 KB 178ms
56ms Image
image/jpeg 2a00:1450:401b:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTNbui08tTwqE7i4QQfOGAcvJ7JtFpa8_qMO15CnScaWpVUJ70&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:401b:803::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54195a1ce647fc7da06286430806cec7fc2f7a3b3b6e34b0ec1f0be13a2317d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 21:24:28 GMT
x-content-type-options: nosniff
age: 342964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23283
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 06:59:05 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Mon, 26 Jun 2023 21:24:28 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 5553 13 KB
14 KB 167ms
45ms Image
image/jpeg 2a00:1450:401b:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcS7h-B11kW7UXw0EQiQTAqy2amOXJuO_3Dwe7_S6IvoKvpqyZU&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:401b:803::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdced1ccabc848c7564b50411945aad2367eba1bd7da70cf2836a5fb421efd66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 23:55:19 GMT
x-content-type-options: nosniff
age: 506713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13759
x-xss-protection: 0
last-modified: Wed, 06 Oct 2021 01:14:34 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 24 Jun 2023 23:55:19 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 5553 38 KB
38 KB 129ms
36ms Image
image/jpeg 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQDw9E2K9ma79jfxawb_t-ivCi7qopipmCMD-GmhhvC-DAbgy28Fpf2rP7zmiU&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9889d293bdf8aade186c21e09da716d43057e43fbe46820e1983730b3e561c0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 19:00:00 GMT
x-content-type-options: nosniff
age: 178832
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38435
x-xss-protection: 0
last-modified: Sat, 10 Jul 2021 14:58:53 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 28 Jun 2023 19:00:00 GMT

GET
H3

200

2401371329490837093
tpc.googlesyndication.com/simgad/ Frame 5553
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD34sLimAEQgAkYgQkyCLhTVvxEnQYN
https://tpc.googlesyndication.com/simgad/2401371329490837093

98 KB
98 KB

49ms
48ms

Image
image/jpeg

2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2401371329490837093

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

270be58b040d0b59d87a4deea0ca09e1b49916b84858005cd3e3e1f2d302ba32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 18:58:25 GMT
x-content-type-options: nosniff
age: 92527
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100649
x-xss-protection: 0
last-modified: Wed, 05 May 2021 19:23:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Jun 2023 18:58:25 GMT

Redirect headers

date: Thu, 30 Jun 2022 08:05:30 GMT
x-content-type-options: nosniff
server: cafe
age: 45302
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://tpc.googlesyndication.com/simgad/2401371329490837093
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 30 Jul 2022 08:05:30 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/ Frame 2897 10 KB
4 KB 36ms
36ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17832
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4414
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 15:43:20 GMT
etag: 10429905676100781186
expires: Thu, 14 Jul 2022 15:43:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/ Frame F865 10 KB
4 KB 36ms
35ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17832
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4414
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 15:43:20 GMT
etag: 10429905676100781186
expires: Thu, 14 Jul 2022 15:43:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 911F 15 KB
16 KB 205ms
57ms Font
font/woff2 2a00:1450:4017:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Titillium+Web:400%7CRoboto:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek,latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4017:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 19:32:54 GMT
x-content-type-options: nosniff
age: 90458
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jun 2023 19:32:54 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 911F 15 KB
16 KB 220ms
74ms Font
font/woff2 2a00:1450:4017:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4017:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 19:32:52 GMT
x-content-type-options: nosniff
age: 90460
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Jun 2023 19:32:52 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 431C 4 KB
651 B 50ms
20ms Stylesheet
text/css 2a00:1450:400e:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:800::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3f714f28225e03c64ce6cd24eb1f076426d54a0c7bdadd813b590013008b9f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Jun 2022 20:14:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Jun 2022 20:40:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Jun 2022 20:40:32 GMT

GET
H2 200 NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
fonts.gstatic.com/s/titilliumweb/v15/ Frame 911F 12 KB
12 KB 272ms
155ms Font
font/woff2 2a00:1450:4017:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v15/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4017:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 13:31:23 GMT
x-content-type-options: nosniff
age: 284949
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12372
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:19:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Jun 2023 13:31:23 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame 2897 4 KB
636 B 20ms
20ms Stylesheet
text/css 2a00:1450:400e:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:800::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Jun 2022 20:10:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Jun 2022 20:40:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Jun 2022 20:40:32 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 2897 205 B
229 B 58ms
57ms Image
image/png 2a00:1450:4017:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4017:801::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 07:48:47 GMT
x-content-type-options: nosniff
age: 132705
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 29 Jun 2023 07:48:47 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 2897 604 B
628 B 58ms
57ms Image
image/png 2a00:1450:4017:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4017:801::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 06:26:30 GMT
x-content-type-options: nosniff
age: 137642
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 29 Jun 2023 06:26:30 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/elements/html/ Frame 2897 19 KB
8 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ae2e1dc0161fa05e80b225682868a9bfbab08c503b2429f06339d4487f160ac2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:35:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 279
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8263
x-xss-protection: 0
server: cafe
etag: 17157773748623750166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:35:53 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame F865 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cst7HPwq-YpODIcyN1fAP0sihoAid3JXjaYuK6ruxD9rZHhABIOPCph1gleKQgqAHoAGF2pjZA8gBAqkC5n2rhO-PsT6oAwHIA8kEqgSGAk_QvOwBwbP0sLRpovxa7hrjVGudGWPe8YmuqJTuBfQsljqXMVhFlerqyvfbhj3qW8hYmcR7da-fURxvOoNElIaYUjvERMYTtRkv7ybCxzqJRUcvwxvVVKY94SSDA28Tc3CveMzJZU0hodKTpix03j2V71xgt6PUf4Ymr5K3_Tfb8ggWyW_O1vbIcb_tqk6EnzD4a5CrQ10hrZN_UCh-s_MBmZGETy5sMj47EwUJ5dtt0Bi9o5-R06ZgFiXpxnYMaqKI0ZKw8__UZwDDFw2xk-n3I_kGccHHlgAwWBmlUI8Y6rpf4P8VZwfeBVvpgDRK5_eEj-NVW18lfYlqWypw-mBv97M35ufABO7dpbDoA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAey8pAoqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwMQ-GvSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTC9AVAYAXAbIXHAoaCAASFHB1Yi0wNTgzMDQ3ODQzMDEyODY2GAA&sigh=eGgl6dj4zIk&uach_m=[UACH]

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 30 Jun 2022 20:40:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/ Frame F865 21 KB
8 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:35:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:35:13 GMT

GET
H3 200 7591764179748689708
tpc.googlesyndication.com/simgad/ Frame F865 15 KB
15 KB 119ms
119ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7591764179748689708?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qlvVTKVrj9V-ReDKmS_g7JJHr4JZQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc1279ca75f43a22f2305d76b685e99c5dd06c45cdc34c4cca9a313c69f851e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 23:13:24 GMT
x-content-type-options: nosniff
age: 595628
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15226
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 14:25:05 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 23 Jun 2023 23:13:24 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame F865 3 KB
1 KB 118ms
117ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:39:18 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F865 138 KB
42 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 20:40:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame F865 17 KB
7 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 371
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:34:21 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame F865 31 KB
13 KB 122ms
122ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0df3db2678c71d2874f90967df4df4b8f054d78b58985a59ed8a1c607a4e52c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 12:34:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29191
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12959
x-xss-protection: 0
server: cafe
etag: 3507954938847631516
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 12:34:01 GMT

GET
DATA 200
OK truncated
/ Frame 5553 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 256b2152e83dc8b0f5141e80d4f02b71ec98b1b82eb53cfabbefcf909f67d831

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 5553 20 KB
20 KB 225ms
170ms Font
font/woff2 2a00:1450:4017:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4017:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 22:24:07 GMT
x-content-type-options: nosniff
age: 166585
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 22:24:07 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 431C 13 KB
13 KB 174ms
123ms Font
font/woff2 2a00:1450:4017:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4017:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 13:30:20 GMT
x-content-type-options: nosniff
age: 285012
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Jun 2023 13:30:20 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 431C 13 KB
13 KB 190ms
139ms Font
font/woff2 2a00:1450:4017:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4017:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 10:43:31 GMT
x-content-type-options: nosniff
age: 295021
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12924
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:02:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Jun 2023 10:43:31 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame DFCD 8 KB
893 B 20ms
19ms Stylesheet
text/css 2a00:1450:400e:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:800::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Jun 2022 20:11:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Jun 2022 20:40:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Jun 2022 20:40:32 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame DFCD 2 KB
902 B 87ms
86ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:30:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:30:08 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/ Frame DFCD 21 KB
8 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:35:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:35:13 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame DFCD 3 KB
1 KB 85ms
85ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:39:18 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DFCD 138 KB
42 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 20:40:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame DFCD 17 KB
7 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 371
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:34:21 GMT

GET
H3 200 21b2dfe42abab24529e209ac1efa07c6.js Show response
www.gstatic.com/mysidia/ Frame DFCD 31 KB
13 KB 58ms
57ms Script
text/javascript 2a00:1450:4017:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4017:801::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 01:48:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67943
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13060
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 20:43:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 28 Sep 2022 01:48:09 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 59DC 143 B
163 B 36ms
36ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2986
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Thu, 30 Jun 2022 19:50:46 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B74A 143 B
163 B 36ms
36ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2986
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Thu, 30 Jun 2022 19:50:46 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F865 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bfb6a960c0c3667719933c0d8199a574888ac3ca6a3a5da8505bcc6ca2e572f4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 59DC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

86ms
86ms

Document
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 30 Jun 2022 20:40:32 GMT
expires: Thu, 30 Jun 2022 20:40:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 30 Jun 2022 20:40:32 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B74A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

100ms
99ms

Document
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 30 Jun 2022 20:40:32 GMT
expires: Thu, 30 Jun 2022 20:40:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 30 Jun 2022 20:40:32 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js Show response
pagead2.googlesyndication.com/bg/ Frame F845 36 KB
13 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ccdb8f3088aab4616f60254e62c992ceeb4d62e55c1b2416061f1ad7785ef45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 12:33:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 12:33:05 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE13 42 B
63 B 71ms
70ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AK2AzTfFOOh2dnonCaJ2eUjZQCvG2zsyO6uqCTj7JIDrCtPHRdCF-v2LwiOfIBShDBOsxdOOBJE1AQWvrqgn7sEh8o939IOl5IJk37A9-pwfd03Nw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=23938113&pi=t.aa~a.3241399019~rp.4&w=160&fwrn=4&fwrnh=100&lmt=1656621632&rafmt=1&to=qs&pwprc=4787984413&psa=0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621632127&bpp=1&bdt=1364&idt=1&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D86cfd9429a42f5e9-2273a397c2cd0042%3AT%3D1656621631%3ART%3D1656621631%3AS%3DALNI_MZWUT9LoTHW5JDG45rgtsr2wT4IAQ&prev_fmts=0x0%2C884x280%2C884x280%2C884x280&nras=2&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1423&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=a89a6AiPiQ&p=https%3A//www.federalpay.org&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame AE13 3 KB
1 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:39:18 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AE13 138 KB
42 KB 363ms
363ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 20:40:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/ Frame AE13 17 KB
7 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220628/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 371
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:34:21 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame AE13 0
0 86ms
47ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRcaLHEt1ErbP9X8r4gDopimZuk2tSJitu4sq-zDdsPmrPf1dfIwb-39qoRG8I6jFJB41_fstgnJDkOOGpdXOIt1NnCzg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=23938113&pi=t.aa~a.3241399019~rp.4&w=160&fwrn=4&fwrnh=100&lmt=1656621632&rafmt=1&to=qs&pwprc=4787984413&psa=0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621632127&bpp=1&bdt=1364&idt=1&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D86cfd9429a42f5e9-2273a397c2cd0042%3AT%3D1656621631%3ART%3D1656621631%3AS%3DALNI_MZWUT9LoTHW5JDG45rgtsr2wT4IAQ&prev_fmts=0x0%2C884x280%2C884x280%2C884x280&nras=2&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1423&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=a89a6AiPiQ&p=https%3A//www.federalpay.org&dtd=15
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CB7F 624 B
299 B 47ms
46ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YY8Ne3xQEwAQ&v=APEucNVLcpb3yOOp3E8t8omahKdsYCwiTPSqmVhkJH14PMiovcXFOu9BEVjgQwrHQxpBqgjujkT40qYOBh3hjirL0WDiZVbPyDMx9Awe-lK55Wd4qjkK64D7F0AzlWic8TTuHeeeMeIddmUnO2JypNg6Fr3bYEOsMGwFnnePqzJFAQmosKrMUzQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=23938113&pi=t.aa~a.3241399019~rp.4&w=160&fwrn=4&fwrnh=100&lmt=1656621632&rafmt=1&to=qs&pwprc=4787984413&psa=0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621632127&bpp=1&bdt=1364&idt=1&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D86cfd9429a42f5e9-2273a397c2cd0042%3AT%3D1656621631%3ART%3D1656621631%3AS%3DALNI_MZWUT9LoTHW5JDG45rgtsr2wT4IAQ&prev_fmts=0x0%2C884x280%2C884x280%2C884x280&nras=2&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1423&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=a89a6AiPiQ&p=https%3A//www.federalpay.org&dtd=15
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 20:40:32 GMT
expires: Thu, 30 Jun 2022 20:40:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame AE13 78 KB
33 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DVyiXGbXLftOhizn2BVnRDmatRQ2KIOAXOkNQjgIpLpY8yzuTgSkduCHreAri-gL6pFVC1lNXGh1gEMIYoVCkn7O33bE1JUUMeNrIpaukiSQonOy7D9kTc-jBnBps0kJbzKW3DmC4iNs108nWMaxCHOwAzFA&dbm_d=AKAmf-C392DFGKlErcm9oXotkBE-3C6zMjaXSDvM_sAK8zBomiJ0w1rtdcVxoEiSZXtnBb2_wTXgwNuVqMrwQR-pc8zQgLKhjP8V-TxSAQwk5GX6MzReNE214OphGPvURcnFjlw9ua9RyfSnH2tkxKE7wU4j5_NXNzuwgkuVH2hRvjlUwQBzvUZtkWw-xTj92kZxmCvVm4o6vBtnwjZQ2aTSYITfrvDot4cVwhV3Bp6oFPS1clQ0a2GCxr02wvaShUSp0XzPx7Yy7Jg4sjc1KL7vj8NHJd40zZmjkbnIb36KGwY2VlNmorX_94AV_8t5KzSGCThyD_q80jwajbdVyxT58Azm6mBPAVDJRXmuH5HWVk0-iYDNtjUYvROh0EszWTWjuwCYsnlBw9-EDmBuI9mOhmCOHZAjvJ-BVWBil-DFqbqAIIx8UMn92afk4jsMkg2KFttEHJvYGBkIbYdbW4N1EUeKn7DRGIHamCCkd7wMd08jNcv4aUJgrEpEuMQbiNmzJFyXiVOdaq7UAwfRy54z9SsyJivhF8fzkRaDZeJ_fTfk9SHOa8vqFKYomVVH_3L98KsT6Uai50QDlTFyMIzb87ynX16VmhgNotJ6J9weI1ITsY63Ffv6_neF_ZQyIcCnoqIuxCdUB_xPig9a4_Zxa9FzLfuEDq4_B0YAJNt4zj_m3TlR3qIcXZp75pkwaJqnQU2vPdb19bqFoO_zCh9FmncNaDvXPCB9tjtQe3Zxru_4HfF4QFQ7sSeCSbfB6ggrNNkE6rsc9nPqBuet11Rt2cvoysU78abuQa3lhZdRlbVW-JdwTAYAY2VNwmjcMJw5EEToI3ROHph0IJ9iWRkQB1_Ai6amIRdrX4qYE96qTHrYuO9hzdIOxUG5-pqTZVEEDfoplgE2NcXZCY1MmLYP9zeWVdi7oqVzU-6jiCNK12RVb1Hg4m4cbElzlH979vyaosv0gIFBZDcTW3WXAYwLriDTqbbMzPmWUJ4edn0uyh91bATudVpRQl_avQaSsL41zBhXfI3Z4Tj0ET9PRMlVPEFsxz4syiAdbjdfJPNJR7NdbfvB-Zr4qdpksC48if1zr-WY8WlnRObyMjhxaYvClJxnFK9HIUZnQEkuejzUt3YrtqfrWkmuixZO2jWxTsjav_jwmM78UY_b_r3JIqaJwbCAr9VHggvZazmOqL2Vf-j5FCZC3_R8rh7EBUPJOMYYesNTdVkI9_i4v7Hw3Frugd76JyHVC00fVlzk8-GK7ZWWOIxWSD1FnZbOCPO3IEvtSRUC-R8ggTpZTgYkdDPevwVY1I5CDcJNYq21_1MgIybCC8r0bcMkiz4tPdiTXdPLANGyFDv-PIHNdaEGGt_8aADueiiWiQaHWKXyPO0KkdZeePZ1_Cnyo0jPEb7uqKLYVTpJc39m2KUweWHd7qsiQOXdLkWi29hIThrrpE7fVG_7fZEcuUt1NuZRUvuBOeTi7DYOoZpoJU_9QuAqalsaKSosBrIXp6z2Hejemlk8dSO0FXkFkcQFH3YybELlmaDuAGhP2quYfvFcKY0dMO5mTRvT12GxW33KEPDl6RO2-CrLirnpy6ebuH4QoajYWX57tSNlODscxZbXMP3r5VRzoI0ECu4A6V29stPAcUD_6L-lgyHiEFTzgVG1TMINdHQt0MPMfpd_NQs9sztkQRrW4LJvPfz28g2uTJGSxxFIFRFUCDtynCPQjVbC9XH8fIL2Y-MaMeuyif6fUMqsXFBIJ4l9g4lnN2QANIgWccU1G6y9RrY0FdbOekdoy3emutNolTqOqTSbTKeDKzGF11T3v3HgPwhInKUt31dHwiLOlLBS9e1y7tHakyRasrhQ8A6c3q4-EFL0TqQJmQGjQbJSGoFAG0H4CN5fYOSpmKKl-W7neSSXbrXo_5380zZss3e-sy0XkQzi8CHuCXOboKMJgjkxMuNaZ3G7hXvLakCYhfxIXEWbR1e45s77i6DZS3CVPvBOdGD6tRzHe9o5DVvkOjXKliDdazGqyqy3tFl_tJ_9ctiY8CxTRvZexS3P5jheiOlTyfSgdF21hkBWQctXnZj7DSWjKS5Mcnyz5cU8BE6jujnjTh_3d2InSvZ_MC60pCbBsbvsQiR6ZA-3KdvcBxTR621YBlCnYiLSkJFm-P4dol-ym7DncC_6_AzdHfGMRNQYoRVA-RVfMLEM3Wj19W39WUiB7Luc86eWk-ckGtijTT4C_VTbvr8Rx8RYncj0lrkhcaek3myBPOxTHyyVfsrs4b_07UNubcAL4DmP4lscpGLmRw5Mr5VFwU-F8qx1yeFP9MLqx9HfoKEtypfpsek1ypkgGAhnPxG-qXogx5TE55N7FG-yHfBloZf41ZHiguqRoV7OJhgJC3KWzOr6OhJ5QIz4RnP6MxbEU9i8UKNQ9eohPPG47UrpnR7QGxNKxrTXK7jZkOauPFnE7_O0hSBId3ZsRq6mNBTQTLqolw_iHTbyPjwznG-fCxBJ05g_NGQ0nQ5kHROCiNC7Mh8AR2hM9LFkv3qwguBTVBB88wfsLSGa7p39G4VOYlmmh3grUbn2OXpRP6FmhhyS_x99WWAyg_4MG3zyyF65JiasISfBm8uTz1vHgVoKYh6QJuip7jJWB1WfLGhwtilAHa5-WQY5Zw4FTzoiIYypbXuL-ZTaxCu6xPRYf53zNJxKeu0vQrOpuBHRWK62pxEbTqIH3hla7dypHonDhEsWY7viArbyFBHc-cQN7RrWkG7XHwEkAdxO6OFNeXbVZjbEip_FN_mqk__nYf5JRiQ9_pg5C1SON2sA-eG9Fw6HTnQaIu0YtCiyMabey_451qpVFyYnTFLcp-RtkEGaJLsRUmV7n6nl--8wGYNyH06jm70vBISK9Fx-bmMT0KPdWOy1h-nu6dX9BLto0oN__BY_-JxroSgm6PpRMwMdiyN-gv2NedZSdbh8ciFQsKLwNeBmTRQtcf-6mEUYZbnjBPOgB0eJoE3m6IP2CE_1xfNAO8ZqHeKbtQzb8xb60zGeUzU4M42rmQNctNMD-03ftJiHXLXzv7tnj-iqXIf1FK8fU3uJ6hRToRIsb4B_PJkpGQMObQoYcuTxfiA1YrMDT2iV0YktLVUKX79UkULPdtAXAk_1IRhd6TENBMfKteh-zTezGSvKNk1fIf7Gb-mcvrdBuCuuMzy5gd6JzMZEnlRWahTBtAOBJGUQSZ6MNcEnmll2JmTtdUowho3pGoxBd5Pmw5llcreh_C7bCrm0q-OHS1GB9XIUpC1WNm52&cid=CAASJeRoSMOz2geewmT5X8USnnBfI1InXYdmTRzyIGg-1elnjsaPH7Q&rfl=1%2Chttps%253A%252F%252Fwww.federalpay.org%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c84b65d28987914d821e2d95e40006263ff9dc732d4d68f93ef1dc8a4cfb8db2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=23938113&pi=t.aa~a.3241399019~rp.4&w=160&fwrn=4&fwrnh=100&lmt=1656621632&rafmt=1&to=qs&pwprc=4787984413&psa=0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621632127&bpp=1&bdt=1364&idt=1&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D86cfd9429a42f5e9-2273a397c2cd0042%3AT%3D1656621631%3ART%3D1656621631%3AS%3DALNI_MZWUT9LoTHW5JDG45rgtsr2wT4IAQ&prev_fmts=0x0%2C884x280%2C884x280%2C884x280&nras=2&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1423&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=a89a6AiPiQ&p=https%3A//www.federalpay.org&dtd=15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame CB7F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJckRB84QX77YnJ9Iv_lgJ4&google_cver=1

43 B
908 B

42ms
42ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJckRB84QX77YnJ9Iv_lgJ4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YY8Ne3xQEwAQ&v=APEucNVLcpb3yOOp3E8t8omahKdsYCwiTPSqmVhkJH14PMiovcXFOu9BEVjgQwrHQxpBqgjujkT40qYOBh3hjirL0WDiZVbPyDMx9Awe-lK55Wd4qjkK64D7F0AzlWic8TTuHeeeMeIddmUnO2JypNg6Fr3bYEOsMGwFnnePqzJFAQmosKrMUzQ
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 7239b7b53a809b5e-FRA
pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zNJu536pE8jObHsHWJaCnzqWjVfXtAfmgy9cq7BU3H8zD9IlDN1Rqno3g1En%2FQlxPg%2F5x52%2FOYzTZkTiA17A8BYWGVJRzLTWv6LxUtY58V70n28wQTD3N8sLz0QvAQSbgPi7o9LbjvYpWw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJckRB84QX77YnJ9Iv_lgJ4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame CB7F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yr4KQABpD7ZS4PgeiqIAgQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJckRB84QX77YnJ9Iv_lgJ4&google_cver=1

43 B
908 B

45ms
45ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJckRB84QX77YnJ9Iv_lgJ4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YY8Ne3xQEwAQ&v=APEucNVLcpb3yOOp3E8t8omahKdsYCwiTPSqmVhkJH14PMiovcXFOu9BEVjgQwrHQxpBqgjujkT40qYOBh3hjirL0WDiZVbPyDMx9Awe-lK55Wd4qjkK64D7F0AzlWic8TTuHeeeMeIddmUnO2JypNg6Fr3bYEOsMGwFnnePqzJFAQmosKrMUzQ
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 7239b7b58afc9b5e-FRA
pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H43n5jmZW7XN5VSxm6nK5Sndp5u5oiD%2BLghkgmaXr9kUnwFZMckejEFaiEJsG6G0zfPAOYCzCVa7hXrLWX7ni01hyLfBdl%2Bmf1Z0xOqkVzwt5fs3GW0Iz%2FRpJJr530SHvPSWVkiALnojfg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJckRB84QX77YnJ9Iv_lgJ4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame CB7F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJt3HV7q2li81nZCXX-BJeA&google_cver=1

43 B
1020 B

25ms
24ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJt3HV7q2li81nZCXX-BJeA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YY8Ne3xQEwAQ&v=APEucNVLcpb3yOOp3E8t8omahKdsYCwiTPSqmVhkJH14PMiovcXFOu9BEVjgQwrHQxpBqgjujkT40qYOBh3hjirL0WDiZVbPyDMx9Awe-lK55Wd4qjkK64D7F0AzlWic8TTuHeeeMeIddmUnO2JypNg6Fr3bYEOsMGwFnnePqzJFAQmosKrMUzQ

Protocol

HTTP/1.1

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 20:40:32 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8740dcfe-89eb-4852-a41e-75c4e59d9907
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJt3HV7q2li81nZCXX-BJeA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame CB7F
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ0MDMzNzExNDE0MDM4NjcxMQ%3D%3D

170 B
243 B

65ms
65ms

Image
image/png

216.58.215.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ0MDMzNzExNDE0MDM4NjcxMQ%3D%3D

Requested by

Protocol

Server

216.58.215.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

waw02s17-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Jun 2022 20:40:32 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 60d454c3-207f-4574-bfdb-3484d7114246
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ0MDMzNzExNDE0MDM4NjcxMQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js Show response
pagead2.googlesyndication.com/bg/ Frame B592 36 KB
13 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2244847655937829&output=html&h=280&slotname=4646441868&adk=2296981842&adf=69885606&pi=t.ma~as.4646441868&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631059&bpp=3&bdt=297&idt=358&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7262277415877&frm=20&pv=2&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=828&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=YhtWjHsqC7&p=https%3A//www.federalpay.org&dtd=363

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ccdb8f3088aab4616f60254e62c992ceeb4d62e55c1b2416061f1ad7785ef45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 12:33:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 12:33:05 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame AE13 106 KB
38 KB 160ms
40ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 09:09:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41471
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Jul 2022 09:09:21 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/elements/html/ Frame AE13 8 KB
3 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DVyiXGbXLftOhizn2BVnRDmatRQ2KIOAXOkNQjgIpLpY8yzuTgSkduCHreAri-gL6pFVC1lNXGh1gEMIYoVCkn7O33bE1JUUMeNrIpaukiSQonOy7D9kTc-jBnBps0kJbzKW3DmC4iNs108nWMaxCHOwAzFA&dbm_d=AKAmf-C392DFGKlErcm9oXotkBE-3C6zMjaXSDvM_sAK8zBomiJ0w1rtdcVxoEiSZXtnBb2_wTXgwNuVqMrwQR-pc8zQgLKhjP8V-TxSAQwk5GX6MzReNE214OphGPvURcnFjlw9ua9RyfSnH2tkxKE7wU4j5_NXNzuwgkuVH2hRvjlUwQBzvUZtkWw-xTj92kZxmCvVm4o6vBtnwjZQ2aTSYITfrvDot4cVwhV3Bp6oFPS1clQ0a2GCxr02wvaShUSp0XzPx7Yy7Jg4sjc1KL7vj8NHJd40zZmjkbnIb36KGwY2VlNmorX_94AV_8t5KzSGCThyD_q80jwajbdVyxT58Azm6mBPAVDJRXmuH5HWVk0-iYDNtjUYvROh0EszWTWjuwCYsnlBw9-EDmBuI9mOhmCOHZAjvJ-BVWBil-DFqbqAIIx8UMn92afk4jsMkg2KFttEHJvYGBkIbYdbW4N1EUeKn7DRGIHamCCkd7wMd08jNcv4aUJgrEpEuMQbiNmzJFyXiVOdaq7UAwfRy54z9SsyJivhF8fzkRaDZeJ_fTfk9SHOa8vqFKYomVVH_3L98KsT6Uai50QDlTFyMIzb87ynX16VmhgNotJ6J9weI1ITsY63Ffv6_neF_ZQyIcCnoqIuxCdUB_xPig9a4_Zxa9FzLfuEDq4_B0YAJNt4zj_m3TlR3qIcXZp75pkwaJqnQU2vPdb19bqFoO_zCh9FmncNaDvXPCB9tjtQe3Zxru_4HfF4QFQ7sSeCSbfB6ggrNNkE6rsc9nPqBuet11Rt2cvoysU78abuQa3lhZdRlbVW-JdwTAYAY2VNwmjcMJw5EEToI3ROHph0IJ9iWRkQB1_Ai6amIRdrX4qYE96qTHrYuO9hzdIOxUG5-pqTZVEEDfoplgE2NcXZCY1MmLYP9zeWVdi7oqVzU-6jiCNK12RVb1Hg4m4cbElzlH979vyaosv0gIFBZDcTW3WXAYwLriDTqbbMzPmWUJ4edn0uyh91bATudVpRQl_avQaSsL41zBhXfI3Z4Tj0ET9PRMlVPEFsxz4syiAdbjdfJPNJR7NdbfvB-Zr4qdpksC48if1zr-WY8WlnRObyMjhxaYvClJxnFK9HIUZnQEkuejzUt3YrtqfrWkmuixZO2jWxTsjav_jwmM78UY_b_r3JIqaJwbCAr9VHggvZazmOqL2Vf-j5FCZC3_R8rh7EBUPJOMYYesNTdVkI9_i4v7Hw3Frugd76JyHVC00fVlzk8-GK7ZWWOIxWSD1FnZbOCPO3IEvtSRUC-R8ggTpZTgYkdDPevwVY1I5CDcJNYq21_1MgIybCC8r0bcMkiz4tPdiTXdPLANGyFDv-PIHNdaEGGt_8aADueiiWiQaHWKXyPO0KkdZeePZ1_Cnyo0jPEb7uqKLYVTpJc39m2KUweWHd7qsiQOXdLkWi29hIThrrpE7fVG_7fZEcuUt1NuZRUvuBOeTi7DYOoZpoJU_9QuAqalsaKSosBrIXp6z2Hejemlk8dSO0FXkFkcQFH3YybELlmaDuAGhP2quYfvFcKY0dMO5mTRvT12GxW33KEPDl6RO2-CrLirnpy6ebuH4QoajYWX57tSNlODscxZbXMP3r5VRzoI0ECu4A6V29stPAcUD_6L-lgyHiEFTzgVG1TMINdHQt0MPMfpd_NQs9sztkQRrW4LJvPfz28g2uTJGSxxFIFRFUCDtynCPQjVbC9XH8fIL2Y-MaMeuyif6fUMqsXFBIJ4l9g4lnN2QANIgWccU1G6y9RrY0FdbOekdoy3emutNolTqOqTSbTKeDKzGF11T3v3HgPwhInKUt31dHwiLOlLBS9e1y7tHakyRasrhQ8A6c3q4-EFL0TqQJmQGjQbJSGoFAG0H4CN5fYOSpmKKl-W7neSSXbrXo_5380zZss3e-sy0XkQzi8CHuCXOboKMJgjkxMuNaZ3G7hXvLakCYhfxIXEWbR1e45s77i6DZS3CVPvBOdGD6tRzHe9o5DVvkOjXKliDdazGqyqy3tFl_tJ_9ctiY8CxTRvZexS3P5jheiOlTyfSgdF21hkBWQctXnZj7DSWjKS5Mcnyz5cU8BE6jujnjTh_3d2InSvZ_MC60pCbBsbvsQiR6ZA-3KdvcBxTR621YBlCnYiLSkJFm-P4dol-ym7DncC_6_AzdHfGMRNQYoRVA-RVfMLEM3Wj19W39WUiB7Luc86eWk-ckGtijTT4C_VTbvr8Rx8RYncj0lrkhcaek3myBPOxTHyyVfsrs4b_07UNubcAL4DmP4lscpGLmRw5Mr5VFwU-F8qx1yeFP9MLqx9HfoKEtypfpsek1ypkgGAhnPxG-qXogx5TE55N7FG-yHfBloZf41ZHiguqRoV7OJhgJC3KWzOr6OhJ5QIz4RnP6MxbEU9i8UKNQ9eohPPG47UrpnR7QGxNKxrTXK7jZkOauPFnE7_O0hSBId3ZsRq6mNBTQTLqolw_iHTbyPjwznG-fCxBJ05g_NGQ0nQ5kHROCiNC7Mh8AR2hM9LFkv3qwguBTVBB88wfsLSGa7p39G4VOYlmmh3grUbn2OXpRP6FmhhyS_x99WWAyg_4MG3zyyF65JiasISfBm8uTz1vHgVoKYh6QJuip7jJWB1WfLGhwtilAHa5-WQY5Zw4FTzoiIYypbXuL-ZTaxCu6xPRYf53zNJxKeu0vQrOpuBHRWK62pxEbTqIH3hla7dypHonDhEsWY7viArbyFBHc-cQN7RrWkG7XHwEkAdxO6OFNeXbVZjbEip_FN_mqk__nYf5JRiQ9_pg5C1SON2sA-eG9Fw6HTnQaIu0YtCiyMabey_451qpVFyYnTFLcp-RtkEGaJLsRUmV7n6nl--8wGYNyH06jm70vBISK9Fx-bmMT0KPdWOy1h-nu6dX9BLto0oN__BY_-JxroSgm6PpRMwMdiyN-gv2NedZSdbh8ciFQsKLwNeBmTRQtcf-6mEUYZbnjBPOgB0eJoE3m6IP2CE_1xfNAO8ZqHeKbtQzb8xb60zGeUzU4M42rmQNctNMD-03ftJiHXLXzv7tnj-iqXIf1FK8fU3uJ6hRToRIsb4B_PJkpGQMObQoYcuTxfiA1YrMDT2iV0YktLVUKX79UkULPdtAXAk_1IRhd6TENBMfKteh-zTezGSvKNk1fIf7Gb-mcvrdBuCuuMzy5gd6JzMZEnlRWahTBtAOBJGUQSZ6MNcEnmll2JmTtdUowho3pGoxBd5Pmw5llcreh_C7bCrm0q-OHS1GB9XIUpC1WNm52&cid=CAASJeRoSMOz2geewmT5X8USnnBfI1InXYdmTRzyIGg-1elnjsaPH7Q&rfl=1%2Chttps%253A%252F%252Fwww.federalpay.org%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:34:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:34:55 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/ Frame AE13 27 KB
10 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220628/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:36:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 253
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10545
x-xss-protection: 0
server: cafe
etag: 4672069523611413616
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Jul 2022 20:36:19 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AE13 41 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 09:09:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41470
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 09:09:22 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7BB2 1 KB
749 B 36ms
36ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 53208
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 05:53:44 GMT
etag: 48472445140208031
expires: Fri, 01 Jul 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame 7BB2 35 B
463 B 42ms
9ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJ32WV4KVaZ_sVv-Iz_zz9U&google_cver=1&google_push=ARnp8GD9hAC0T7FhAK5JXCjtCLaRy5VMWJq2e1aZONYuF8LbtPMceOj6zV4-snHpjETuCYqgu0T6p17jjYikqZmoyT3va4iKCz-F

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 451 466606.gif
id.rlcdn.com/ Frame 7BB2 0
98 B 121ms
42ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DARnp8GDOohb05rBHwtP-j4BTWwM588wTyQO3S-egwe7OvFfelqdU8A_5mKD4-VXSHk9tcrcD7ZQgvVx1tOSN1yD-GU9ghQECMSJy&google_gid=CAESEP03S1FFY8oUwv2MXsBPAR8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=23938113&pi=t.aa~a.3241399019~rp.4&w=160&fwrn=4&fwrnh=100&lmt=1656621632&rafmt=1&to=qs&pwprc=4787984413&psa=0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621632127&bpp=1&bdt=1364&idt=1&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D86cfd9429a42f5e9-2273a397c2cd0042%3AT%3D1656621631%3ART%3D1656621631%3AS%3DALNI_MZWUT9LoTHW5JDG45rgtsr2wT4IAQ&prev_fmts=0x0%2C884x280%2C884x280%2C884x280&nras=2&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1423&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=a89a6AiPiQ&p=https%3A//www.federalpay.org&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 7BB2 43 B
356 B 72ms
20ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEFXj8DP7TtVNIXWdR6Yslxc&google_push=ARnp8GD-no3uFyQbCH_gThgGY_gU3ePgbKdXce1Cq6fPOkKheL-mbhkuTIdye70Gm9FJqUizPrqQa5pnhkhMFzLCXN0a3wMvN4H9&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=23938113&pi=t.aa~a.3241399019~rp.4&w=160&fwrn=4&fwrnh=100&lmt=1656621632&rafmt=1&to=qs&pwprc=4787984413&psa=0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621632127&bpp=1&bdt=1364&idt=1&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D86cfd9429a42f5e9-2273a397c2cd0042%3AT%3D1656621631%3ART%3D1656621631%3AS%3DALNI_MZWUT9LoTHW5JDG45rgtsr2wT4IAQ&prev_fmts=0x0%2C884x280%2C884x280%2C884x280&nras=2&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1423&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=a89a6AiPiQ&p=https%3A//www.federalpay.org&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 7BB2 43 B
350 B 97ms
28ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESELo9rvfLUV3ZHUhT-W5tggA&google_cver=1&google_push=ARnp8GBDo3H9miKqQzvop7oE9cmH-ueMmL0cKZeqp2UpqEr0qay3Yhfvg0lGFjaWYC5b1MqvLscmA8fmI46Ir1HQEt7DErInsmxn
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=23938113&pi=t.aa~a.3241399019~rp.4&w=160&fwrn=4&fwrnh=100&lmt=1656621632&rafmt=1&to=qs&pwprc=4787984413&psa=0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621632127&bpp=1&bdt=1364&idt=1&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D86cfd9429a42f5e9-2273a397c2cd0042%3AT%3D1656621631%3ART%3D1656621631%3AS%3DALNI_MZWUT9LoTHW5JDG45rgtsr2wT4IAQ&prev_fmts=0x0%2C884x280%2C884x280%2C884x280&nras=2&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1423&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=a89a6AiPiQ&p=https%3A//www.federalpay.org&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: p1ro7c28214jsu71p3d1bmq2gba1gisl

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 7BB2 0
166 B 498ms
15ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBxOZP780HYYL-ofux_QPHU&google_cver=1&google_push=ARnp8GCgyi6Ofub8AdEpRgGf7Ofel4dld-IUn6Rl260mndNe33Is04n1Ysu4ps5jw3i2BcTd7AkYW52vvm2jJiuoiOpcxyn_u1W_
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=240&adk=3831897409&adf=23938113&pi=t.aa~a.3241399019~rp.4&w=160&fwrn=4&fwrnh=100&lmt=1656621632&rafmt=1&to=qs&pwprc=4787984413&psa=0&format=160x240&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621632127&bpp=1&bdt=1364&idt=1&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D86cfd9429a42f5e9-2273a397c2cd0042%3AT%3D1656621631%3ART%3D1656621631%3AS%3DALNI_MZWUT9LoTHW5JDG45rgtsr2wT4IAQ&prev_fmts=0x0%2C884x280%2C884x280%2C884x280&nras=2&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1423&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=a89a6AiPiQ&p=https%3A//www.federalpay.org&dtd=15
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7BB2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFpuj1CElLFcLNk1zqdZCTo&google_cver=1&google_push=ARnp8GDc9MqPzCO5AaZUAqAmPoVqiZhNi0eLy8fCdvmog3qBFuLhKeUc1LdpqcxoOX5H7ls6O9j...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUxSFFXUkwtRi0yWFVE&google_push=ARnp8GDc9MqPzCO5AaZUAqAmPoVqiZhNi0eLy8fCdvmog3qBFuLhKeUc1LdpqcxoOX5H7ls6O9jp63tDtutVdpA1OD6tNkMEtGTR

170 B
188 B

156ms
66ms

Image
image/png

216.58.215.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUxSFFXUkwtRi0yWFVE&google_push=ARnp8GDc9MqPzCO5AaZUAqAmPoVqiZhNi0eLy8fCdvmog3qBFuLhKeUc1LdpqcxoOX5H7ls6O9jp63tDtutVdpA1OD6tNkMEtGTR

Requested by

Protocol

Server

216.58.215.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

waw02s17-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDUxSFFXUkwtRi0yWFVE&google_push=ARnp8GDc9MqPzCO5AaZUAqAmPoVqiZhNi0eLy8fCdvmog3qBFuLhKeUc1LdpqcxoOX5H7ls6O9jp63tDtutVdpA1OD6tNkMEtGTR
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7BB2
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJuexybCkJFgfXmU_8h3a9k&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJuexybCkJFgfXmU_8h3a9k&google_hm=Yr4KQABpD7ZS4PgeiqIAgQAACLsAAAAB&google_nid=index&google_push=ARnp8GArNa9SKsZchwF03TYCCoc34Z5p3MKhh...

170 B
188 B

84ms
64ms

Image
image/png

216.58.215.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJuexybCkJFgfXmU_8h3a9k&google_hm=Yr4KQABpD7ZS4PgeiqIAgQAACLsAAAAB&google_nid=index&google_push=ARnp8GArNa9SKsZchwF03TYCCoc34Z5p3MKhhzdviwKSh_56sqfg8cCdBR8BLe25tuqGwtVklPmQAG7iQi5EKB8H8d9kQAeGErTq

Requested by

Protocol

Server

216.58.215.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

waw02s17-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dsX6DslaWHuR2v2Ki4HZamNWAuuE0Nos977QPb9%2BgHCljV%2FpVmNKhWsEzXygJsjwM0WKr1luuvwGtVECAZWeLVTtRLs1gs9%2BaUm6xICeDHIzjvtqSHiWx3g4FA5XI8KpKgEpPlnEQEw%2Fsw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJuexybCkJFgfXmU_8h3a9k&google_hm=Yr4KQABpD7ZS4PgeiqIAgQAACLsAAAAB&google_nid=index&google_push=ARnp8GArNa9SKsZchwF03TYCCoc34Z5p3MKhhzdviwKSh_56sqfg8cCdBR8BLe25tuqGwtVklPmQAG7iQi5EKB8H8d9kQAeGErTq
cache-control: no-cache
cf-ray: 7239b7b599cf6937-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 7BB2 0
50 B 63ms
63ms Image
text/html 216.58.215.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JPyvdH0VqHVmiWAhH6Am-vvoxq5nZx3lkSOuO42Ff-p8Y9WwlApMVdpMdEzVOszommJBZO

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.215.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

waw02s17-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E30D 22 KB
8 KB 39ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 41437
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 09:09:55 GMT
expires: Fri, 30 Jun 2023 09:09:55 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js Show response
pagead2.googlesyndication.com/bg/ Frame E5D1 36 KB
13 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220628/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ccdb8f3088aab4616f60254e62c992ceeb4d62e55c1b2416061f1ad7785ef45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 12:33:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 12:33:05 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/ Frame 9571 4 KB
2 KB 120ms
41ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

690161b1ec1597f75ea02b25003e88f17173ef41bf6602293a8aa3bd6ab0ff1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 363114
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1732
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Jun 2022 15:48:38 GMT
expires: Mon, 26 Jun 2023 15:48:38 GMT
last-modified: Thu, 17 Mar 2022 12:55:07 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame AE13 0
622 B 173ms
76ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss9EJqdEDz_ReIK2MlltyBR5Ha7GBNBMQ_PxAgE89fifH4PlCibAXP79786oQLSvtTJfI_vuAUWltRvLE9C7DviwK6yhD_jwdueVVyKCvTpWIrHzzH7ZOAdlDhhdXMaacJSLc3caCRqeGfJ3_alBCZY8RoVYEks-7ikDQfumA_Ppag0GCrKwAo7awtaUBVVPR_Pf-cPNXTDrVmuKlRqm3d4ToObUFRbUlh9jGUjnj1E2Lz_pyjK91kVFXCX2cWsMtgwih4aFOHxxInY-r5IEA8IKp5yzr_2VjO4kvLiZR-JwZEdLuGgOAXeCHrPg28qV8MkNXOdsNjzpSLVTL4na1BScbOP-ABQ0UINmwgMPr1IGUsICdRV5ykciwO4EPJhTi0ZBsPicJuKduC8KzaX9AUUw-rQbvqMwkYM4BBd74EgTeUxOh9WkHHcsUgp_qu5WRX6diUaIaA6yL4jFAoNpJmc8No3zTs9lBhir3Hy3mSn_SdfiufLG15isnzXCx3p_WX5ZFDQLpQ1O3fuGz6oWqbV8aaGpbjA6XOpiiq4joxcoaK2BGlkQ1QgDs70VYLxoQn52dNz5_06oJyD6laCgniLE9FpjmbYxPfTh7yO0eDNpfXIBptc3nAoogF2ANzVgtmpWVXfh-hG9FYnnUEeWSUs99M11HTd-Wo-HmH90Y28L9ipH2QALtsqc1mVZp5H0SXrm8F7p8lnmSQB3EnONXjLfeUDtuBroFrzYkEalHEJaQfn7BVhjsoFVVjgjBwZ_4fncL2_IJ1Z7PZASerc_-eE_MD947UufTq973qlBtzaLfYAtOBsbY0JAOjCFE-yYugBwIXBT5NBcv_SpZpfPmwMJ__241CvgpIB90fZPwLxVih2zlfRG0-eZmtA_4BEA66XBcBcCoi7fSKOdwYLqf9GUGRtTeQApPSVzDeJSgn-8IKYZ9WvZ50GAZ2isqiGwD8O4vs8ZmCD04jlt2beLhWYA7-HjfLQISB9RpV1N00La86JBFKm3fDovitr8g695055jO7gV-4veG-V3AYOTbjkO9Bam8QRiDR2bM2f6xSzAHhaTMzV_hkJYYPHjb7S5xNP7SWnhEU-O9sg7d5J9WDpasZhCYcbo3y0eOmkJws56h0R8je2XWt3AkFHVEjuqjOIhhdfrcJ2lskIXPu7ZpmzjygksuUmWfu01LjKqbbrZAy59q_JH8yTD8UTN-ZJDdn7edlSc8xHnTYFIsabzowmwJtcEw1uP9bgbxmSdCNwl_gzfia-O5y_Da0IH2lunpY56xoqhrpZWshl-GCbqKj9wP0&sai=AMfl-YTI-U4sWti5RW5iggWyZI52FZdgrHZgbUaSYwkeL69NMsInL_aWYEqQHAjXM-S2eamLEPPNfm3K9KLQz_3lZtUbiQvYSPQeb78Z6e_hV4lNCXZLiOORUwvLh-GwbTvhzzhFp51j7w8lyXJcbpf_rMoyz0AqkWVNrxwyfX-1V4aBVAj6W7dL6vP0K50qo_EzzdkbG8b1vu7-SCmCW5MovtoQ&sig=Cg0ArKJSzGjawdY24IDIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=215&cbvp=1&cstd=212&cisv=r20220628.81829&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 30 Jun 2022 20:40:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET img;adv=11122207570744;ec=11122226302456;adv.a=6266241;c.a=27437305;s.a=3213511;p.a=331521948;a.a=523468524;cache=1780736153;
ad.atdmt.com/i/ Frame AE13 0
0

GET
H3 200 jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js Show response
pagead2.googlesyndication.com/bg/ Frame E30D 36 KB
13 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ccdb8f3088aab4616f60254e62c992ceeb4d62e55c1b2416061f1ad7785ef45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 12:33:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 12:33:05 GMT

GET
DATA 200
OK truncated
/ Frame AE13 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 40fe8669943f7043efd94bfbd32ac52d03b84e3d989883f0f44138ad15a207e4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 lottie_light.min.js Show response
s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/ Frame 9571 179 KB
48 KB 40ms
40ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/lottie_light.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d386d1935249c8bb044bbbb3bef0d855a2260709f4a956048ba92922e39d1682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 08:51:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215333
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49382
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 12:55:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Jun 2023 08:51:40 GMT

POST
H2 204 collect Show response
b.clarity.ms/ 0
48 B 98ms
98ms XHR
text/plain 20.75.32.255
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://b.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.federalpay.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://www.federalpay.org
date: Thu, 30 Jun 2022 20:40:32 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H3 200 data.json Show response
s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/ Frame 9571 149 KB
17 KB 40ms
40ms XHR
application/json 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/data.json

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/lottie_light.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5641b7d32855770766e2e9c6d182c5e5c55a3328244567807243bd8b499a4c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 08:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215473
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17485
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 12:55:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Jun 2023 08:49:20 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E30D 0
20 B 73ms
73ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bid8UQAq-YpH1IMHv3wPA8rCYBQAAAAA4AeAEAg&bg=!qaqlqu7NAAaLlKKnq5Q7ACkAdvg8WvC9WKCLvAwD5VLafenEXCXEHJll-YHeAW43nJlrgspqQ-wArgIAAABXUgAAAAJoAQcKAKbfQlx1E7asHH7DCuDuyF9AH94ZpynRHfLmbVHUZfO8hu4YEi2-VqvImptnRlNggin-5Q-KAvzuO5cQ4m7SBKToyskHC4kVB-bXlpgn_FkyxL6p7SgpGAH0LfdXLwk1LfBzpTm8LxCJPDc_MslE3A4evJ11rc1ZEPri0x7k_f3RLz84wS2N2MboN5yXRjnsbuBNd_PESa3T6AR5u18i-MaJrk00TlEGmQLsHLBuAi9uF6bCWx2OLPfF91D9h0bOs_HXfDVfIQq49uzAPfU3tN-u_yz4DOFKaN8uqZu6oZSejW4QBGQHHIlqzcTS1tTJMlcvaCIO_cKBQf2KQfYt2XNQjsw_25urGc60VrJkors8pic4q_M5hwYXw5rNqAq8ezDnAhAJTBe4Wbep8uS484gnN15e6TzXpg3sY9KjEIHqft-hAd623bLZGEtAilVN-6eKyQOv9Ga8cL6LuIww3AH5aSLnrJvNf30t_rcqDA40GCDW__suRLF35tltx05aj_IrMl6qZ3OW6aqFUou3c7mMorRQFc7HuGw6dBIYHK91BE9F0HmRtN3enrDSHhWMkC9V6xLickmv4dVEc60DRQMeqt63DTPf1AcWumiwHPQoaFBuI3WpaJDxrX2GG439C6PBepk0nwSb16fq9T0PB0VChRcK2j6sLW46LhDxZW3H2gCjowlHIUyXvixIpDtV5mlAlibljKlMJCtV7_P1qLp7xWECIEYIeGt1wluoHA-jMp51IVQDkEePu1uODw5V0_BR-t_IK9tllxKJGAcH96eoDqej60iPuFK_A-DJEYrFlDUcznEGfyeD15f2inz76hz8xLuRKhmwf1xu2GVJONDaoZDhdzsH9mGdpP8xOlKWzF-aGypPJpYS8ByZpqq0tYEnFzOeqBEGw3FiyeP5qNnpUn3G9rsKe7zXsuR2VW9Jr3YKt9uvmUfuUywPPBpa-1PEpzh_0a_cm7xRQIqXTz0CbxVpE5LxC0BKqqDMjkxU7Lt5O3MTdcoU_gs8ttTF8KGHF6hPG_t1ImUBsd-CLI1KzP6mBx6nuMgz7xTskluXccfleqavgbobbFOFRzyX4NHCprsHzTrJyXqTn3j73GIdJ6hHyChhkISL0bbgTBzKIpdCoOQGfYUcZlN56JfwXtXngRMyhReFdVSQZyvuRNDfkkZzskzQ9-89lG6yPP5RnhUIaWoDYF6D33-6RATLtFVupR_Jfw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame AE13 0
26 B 135ms
69ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss9EJqdEDz_ReIK2MlltyBR5Ha7GBNBMQ_PxAgE89fifH4PlCibAXP79786oQLSvtTJfI_vuAUWltRvLE9C7DviwK6yhD_jwdueVVyKCvTpWIrHzzH7ZOAdlDhhdXMaacJSLc3caCRqeGfJ3_alBCZY8RoVYEks-7ikDQfumA_Ppag0GCrKwAo7awtaUBVVPR_Pf-cPNXTDrVmuKlRqm3d4ToObUFRbUlh9jGUjnj1E2Lz_pyjK91kVFXCX2cWsMtgwih4aFOHxxInY-r5IEA8IKp5yzr_2VjO4kvLiZR-JwZEdLuGgOAXeCHrPg28qV8MkNXOdsNjzpSLVTL4na1BScbOP-ABQ0UINmwgMPr1IGUsICdRV5ykciwO4EPJhTi0ZBsPicJuKduC8KzaX9AUUw-rQbvqMwkYM4BBd74EgTeUxOh9WkHHcsUgp_qu5WRX6diUaIaA6yL4jFAoNpJmc8No3zTs9lBhir3Hy3mSn_SdfiufLG15isnzXCx3p_WX5ZFDQLpQ1O3fuGz6oWqbV8aaGpbjA6XOpiiq4joxcoaK2BGlkQ1QgDs70VYLxoQn52dNz5_06oJyD6laCgniLE9FpjmbYxPfTh7yO0eDNpfXIBptc3nAoogF2ANzVgtmpWVXfh-hG9FYnnUEeWSUs99M11HTd-Wo-HmH90Y28L9ipH2QALtsqc1mVZp5H0SXrm8F7p8lnmSQB3EnONXjLfeUDtuBroFrzYkEalHEJaQfn7BVhjsoFVVjgjBwZ_4fncL2_IJ1Z7PZASerc_-eE_MD947UufTq973qlBtzaLfYAtOBsbY0JAOjCFE-yYugBwIXBT5NBcv_SpZpfPmwMJ__241CvgpIB90fZPwLxVih2zlfRG0-eZmtA_4BEA66XBcBcCoi7fSKOdwYLqf9GUGRtTeQApPSVzDeJSgn-8IKYZ9WvZ50GAZ2isqiGwD8O4vs8ZmCD04jlt2beLhWYA7-HjfLQISB9RpV1N00La86JBFKm3fDovitr8g695055jO7gV-4veG-V3AYOTbjkO9Bam8QRiDR2bM2f6xSzAHhaTMzV_hkJYYPHjb7S5xNP7SWnhEU-O9sg7d5J9WDpasZhCYcbo3y0eOmkJws56h0R8je2XWt3AkFHVEjuqjOIhhdfrcJ2lskIXPu7ZpmzjygksuUmWfu01LjKqbbrZAy59q_JH8yTD8UTN-ZJDdn7edlSc8xHnTYFIsabzowmwJtcEw1uP9bgbxmSdCNwl_gzfia-O5y_Da0IH2lunpY56xoqhrpZWshl-GCbqKj9wP0&sai=AMfl-YTI-U4sWti5RW5iggWyZI52FZdgrHZgbUaSYwkeL69NMsInL_aWYEqQHAjXM-S2eamLEPPNfm3K9KLQz_3lZtUbiQvYSPQeb78Z6e_hV4lNCXZLiOORUwvLh-GwbTvhzzhFp51j7w8lyXJcbpf_rMoyz0AqkWVNrxwyfX-1V4aBVAj6W7dL6vP0K50qo_EzzdkbG8b1vu7-SCmCW5MovtoQ&sig=Cg0ArKJSzGjawdY24IDIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=463&vt=11&dtpt=248&dett=3&cstd=212&cisv=r20220628.81829&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: www.federalpay.org
URL: https://www.federalpay.org/paycheck-protection-program/kari-cattera-tucson-az

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 20:40:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 like.php Show response
web.facebook.com/v3.3/plugins/ Frame C371 0
3 KB 73ms
34ms Document
text/html 2a03:2880:f01c:20e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://web.facebook.com/v3.3/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3746448221d104%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff73e167e71816c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.facebook.com%2Ffederalpay&layout=box_count&locale=pl_PL&sdk=joey&share=false&show_faces=true&size=large&width=

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=355d8f2e8d159c2bf5ce3090e3d8102e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:20e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://web.facebook.com/csp/reporting/?minimize=0;
content-type: text/html;charset=utf-8
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Jun 2022 20:40:33 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=3,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/web.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options: nosniff
x-fb-debug: e29vv5bwzE6wLReclzOxLPy6eaQb6oryVhGg04/+bZkZFuS9N+sEprHQOE/SNGV8x093TcUN1DnNvFKgYO4PIQ==
x-xss-protection: 0

GET
H2

200

share_button.php Show response
www.facebook.com/v3.3/plugins/ Frame 8383
Redirect Chain

https://web.facebook.com/v3.3/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28cd68fc6a7a7%26domain%3Dwww.federalp...
https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28cd68fc6a7a7%26domain%3Dwww.federalpa...

51 KB
16 KB

84ms
63ms

Document
text/html

2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28cd68fc6a7a7%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff73e167e71816c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&layout=box_count&locale=pl_PL&sdk=joey&size=large&_rdc=1&_rdr

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=355d8f2e8d159c2bf5ce3090e3d8102e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5b7bb340a737376cab2a17ecd98bd779f5f5034a8889ab03822d3c2ece971083

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 20:40:33 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v7.0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: sdsTIGMBz8w/7q+GBoY3R0obcKomg1X5PdpBx9T63WD00mjPddbnItswggRQfGRrWty6+O8t3sMGXDeP1ZNnkQ==
x-fb-rlafr: 0
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/html; charset="utf-8"
date: Thu, 30 Jun 2022 20:40:33 GMT
location: https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28cd68fc6a7a7%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff73e167e71816c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&layout=box_count&locale=pl_PL&sdk=joey&size=large&_rdc=1&_rdr
priority: u=3,i
strict-transport-security: max-age=15552000; preload
x-fb-debug: iVghyNUWd9eQ414dq6zJGzmLND8gBeAWf7aL4bFyPLIq0lK/bfjnUXHxEFlGaLb0/3Ridlfy1jp4v85kSv39Mw==
x-fb-zr-redirect: 02|1656708033|

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=52025E0D04BF402B9D839581FE718B28&RedC=c.clarity.ms&MXFR=2BB4D2E93B47638723D1C33A3F476DEE
https://c.clarity.ms/c.gif?CtsSyncId=52025E0D04BF402B9D839581FE718B28&MUID=15D28241E0616E5A1CFB9392E10A6F6C

42 B
367 B

26ms
26ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=52025E0D04BF402B9D839581FE718B28&MUID=15D28241E0616E5A1CFB9392E10A6F6C
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:32 GMT
last-modified: Fri, 20 May 2022 21:53:17 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "17a28a3946cd81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:33 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 361DB63E6E8449CCBF3E2107FCFF4F1D Ref B: FRAEDGE1409 Ref C: 2022-06-30T20:40:33Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=52025E0D04BF402B9D839581FE718B28&MUID=15D28241E0616E5A1CFB9392E10A6F6C
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 136ms
62ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220628&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02804c90ab0d2203d16f34a42a3491d1d6814b5d055467c3f28b3d5de1fa674d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Jun 2022 20:40:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10619
x-xss-protection: 0

GET
H3 200 img_0.png
s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/images/ Frame 9571 70 KB
70 KB 39ms
39ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/images/img_0.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5e6e1dc12ddd8400b414ba099ff0938a243932c5191c45fac0b9755b03a6b2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/3480574309732507954/120x240/banner/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 07:42:16 GMT
x-content-type-options: nosniff
age: 565097
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72035
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 12:55:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 07:42:16 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 30 Jun 2022 20:40:33 GMT

GET
H2 200 ps3LEjFUMch.png
static.xx.fbcdn.net/rsrc.php/v3/y4/r/ Frame 8383 441 B
867 B 25ms
7ms Image
image/png 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/ps3LEjFUMch.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28cd68fc6a7a7%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff73e167e71816c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&layout=box_count&locale=pl_PL&sdk=joey&size=large&_rdc=1&_rdr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

17b988bc33e2b6c542f866ef473aaa3d20a9d4536a1ca636c061c5011a5ac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:33 GMT
x-content-type-options: nosniff
content-md5: bIdClDVUx2JypSkH1jl0jQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 441
x-fb-rlafr: 0
x-fb-debug: 8ydiC80W+IoE5Q5+/KGjqf4+0a0Wen3tfg9MjBPMRcJ6LR9MjKishuuPmaSmJFK0BRpf8TBujrdT5GT/qelAtQ==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 22 Jun 2023 04:50:27 GMT

GET
H2 200 4AihZqGx8_b.js Show response
static.xx.fbcdn.net/rsrc.php/v3i7Kf4/yj/l/pl_PL/ Frame 8383 532 KB
139 KB 20ms
8ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3i7Kf4/yj/l/pl_PL/4AihZqGx8_b.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9b811c54bb55be8944d6b72ceca06663cfebe558f62f1404a762ba461d5468f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:33 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: jIcZ7O824yiEWraiEFH2Rw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 141769
x-fb-rlafr: 0
x-fb-debug: bM72JFQucUb+FuuJu1ed/6ZdMp3nQKXXJrYGqzhv6Hk9QRF7DUTOufVTnRgKBnm701LjvCwwqJHr4i+A3Hcl9g==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 30 Jun 2023 16:43:10 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5DD6 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 4556
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 19:24:37 GMT
expires: Fri, 30 Jun 2023 19:24:37 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 394B 783 B
533 B 49ms
49ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

288d25fab0a3552903cf27bb1e82d87a2f877765ea2e62253389a6007e4b0639

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tn3knbL_pm-McUr5F8hEkw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.federalpay.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-tn3knbL_pm-McUr5F8hEkw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 20:40:33 GMT
expires: Thu, 30 Jun 2022 20:40:33 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 cavalry_endpoint.php
www.facebook.com/common/ Frame 8383 67 B
103 B 50ms
41ms Image
image/png 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1656621633343&t_start=1656621633343&t_domcontent=1656621633361&t_layout=1656621633413&t_onload=1656621633413&t_paint=1656621633413&t_creport=1656621633413&t_tti=1656621633361&lid=7115135736567622550-0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v3.3/plugins/share_button.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df28cd68fc6a7a7%26domain%3Dwww.federalpay.org%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.federalpay.org%252Ff73e167e71816c%26relation%3Dparent.parent&container_width=160&href=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&layout=box_count&locale=pl_PL&sdk=joey&size=large&_rdc=1&_rdr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: br
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 1pFsPvEsgAV33piapS1+U3HHBkHUd+NCZInPZGofEq134a3t1oX3kDgfle706uflrFaS4uHj+ymboNWL6DoV4A==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 30 Jun 2022 20:40:33 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 394B 0
0 77ms
76ms Image
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220628&jk=4113921860628280&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js Show response
pagead2.googlesyndication.com/bg/ Frame 5DD6 36 KB
13 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/jM248wiKq0YW9gJU5iyZLO601i5VwbJBYGHxrXeF70U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ccdb8f3088aab4616f60254e62c992ceeb4d62e55c1b2416061f1ad7785ef45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 12:33:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29248
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 12:33:05 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5DD6 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?FYnczg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 30 Jun 2022 20:40:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5553 42 B
64 B 71ms
71ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsslPHKZfYrQP4ttY4jFgLibPjFfapnQBdljlmY8PM69i1EL6CigS1r14sJLH8iim2TYQwayIumPKgZzT8Os7iS7Hj_ya7U-9YPcnBj6HLOGiLuABVzqusynZR88prxmQvPUlI-kww&sai=AMfl-YRuy5ukOcMA4MvtwfAYw0dIysns4slX65W1pvH6Tti_n7DqTsz5yKaT0PAYJZOz5xBWPZakDTKDetCd&sig=Cg0ArKJSzBzyMJiSaeyrEAE&id=lidar2&mcvt=1001&p=0,0,280,884&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2296981842&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1656621631423&rpt=1212&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F865 42 B
64 B 72ms
71ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvNvcUgYTtnToS8LVZptuSzdgwX5s_ThjBI0596p4XTjx_RuIzb5l0dKXdN1ucuqLcvVpW6Rnfj9EhLJzn5T2FGwmJAwMJe0Tf7XOc6cZ-dp3AUCNmZAIaFPDKYdd_SMp80x5tUNg&sai=AMfl-YR9UdVeUJjoWnYEfE2KIUsM2av124GxCCmLukTEKLKHZoVBQzPlPf8Kg42RBCSBXL2cZtX89nfyaRE1&sig=Cg0ArKJSzJlU84re-WakEAE&id=lidar2&mcvt=1002&p=0,0,124,1005&mtos=85,722,1002,1119,1182&tos=85,637,280,117,63&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1656621632273&rpt=210&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jun 2022 20:40:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 89ms
88ms Image
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220628&jk=4113921860628280&bg=!7-yl7KjNAAaLlKKnq5Q7ACkAdvg8WiZD3QMKWCWYz8D4qQuymaoGZi7Mt9ngka9iQVymqsc_ghFpHwIAAABJUgAAAAJoAQeZAshoALRwJYvxHdItvccyEs3zfU6K_wsuWT-KgYXDSomyVOelQM6RHl89ojNzHlURocqXPDAf21XIoAnDvmexA2orO8sNXr2zCo5t1qG-wEInh6IXVV5rOJa8WR6VyjMmDG3rnGIvbTom1j7O4764RvirDDc3g78TX37ukCA6vB7qsTFdh0IagZwUamViWlTSKLoknGZzHuUjhfC0mQvgX3UsCXswrWMt2OKw4FJrl3hRBD_W8W0jim5HT1AeD9_txKKBpsqhe0NSI1IM1Wz3i8ZinW1MMyCkFbNk8j7yiY38I0ELL_CehTCGlMw6S9gne2YZcz7oKnHlCsFX8cy8gHzpshZjNA5lHwq4Opk3DdVgeHRXGwAFCef8ixOJH6T1PKh7lndY0tc4yJsPEIO59FUGtO87dJ6L9itdiksp6TBxnaWJTaWFMWlmdbUUSuoEZZDFcetOejopM8B7QTuhatuLCOblE9KmNDVDHtUlBFSJvwJNZIAEFllUzVZNOnHFwDpxee_IZ6FlJpjuUZfu5O2M2lBH7VZ-SXGnIh_RGrkH3lxhaKk4oxLJWSrUlPnx-zwqizmuiuZXugPPBISSJAEXRY7S3KbTYd80RxyfvOl1x3PILt_o1Z_-OEejVRP-F48gP3qC7KTW9cYMkYKOhkSkhNPjE-CiRl1h4mWvedvELzUPOJ3d2xUbJXPtde0Xl-Yl6RuNdkUCxUN55xtI9LgKrPoAoOn0FapAaHCS_DBDGrXyA3paGnFXNYP1K9cGp-Q7rNnBmvPlPb_O6Ypl8RK42eMG4-Jw4NSw1-qR0FCKLq0hrXuqMJ7Um48tqdcj01EKzKT6G8E4VUKUAuT5NOsXiyaLlFT3ScoA1Yr6MOs2c_OR0zmetn7el9p3qJEOMZz_7CbGG02e5UIXviNEHm2szQv8aeVWeCLHYO_wQZ0nZtFTzsu66UlN
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.federalpay.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

POST
H2 204 collect Show response
b.clarity.ms/ 0
48 B 95ms
94ms XHR
text/plain 20.75.32.255
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://b.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.federalpay.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: https://www.federalpay.org
date: Thu, 30 Jun 2022 20:40:34 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.atdmt.com
URL: https://ad.atdmt.com/i/img;adv=11122207570744;ec=11122226302456;adv.a=6266241;c.a=27437305;s.a=3213511;p.a=331521948;a.a=523468524;cache=1780736153;

Verdicts & Comments Add Verdict or Comment

194 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.ebayadservices.com/marketingtracking/v1	1970-01-20 06:19:57	Name: adguid Value: ecbe6b83400f496a9644d3c9baa16571
.federalpay.org/	1970-01-20 04:10:28	Name: fp_federalpay_csrf Value: b60c30d1020d2c4872f718d990896c3d
.paypal.com/	1970-01-21 06:27:09	Name: ts Value: vreXpYrS%3D1751316030%26vteXpYrS%3D1656623430%26vr%3Db65805f21810ad045fcef008ff7c9683%26vt%3Db65805f21810ad045fcef008ff7c9682%26vtyp%3Dnew
.paypal.com/	1970-01-21 06:27:09	Name: ts_c Value: vr%3Db65805f21810ad045fcef008ff7c9683%26vt%3Db65805f21810ad045fcef008ff7c9682
www.clarity.ms/	1970-01-20 12:55:57	Name: CLID Value: 58eef53aa1be4f258c5abcafb429720e.20220630.20230630
.federalpay.org/	1970-01-20 04:11:48	Name: _gid Value: GA1.2.1111950166.1656621631
.federalpay.org/	1970-01-20 04:10:21	Name: _gat Value: 1
.federalpay.org/	1970-01-20 04:10:23	Name: __cf_bm Value: qdQI9oCkgP3QGesYWSaOX4Ypihyh3yqHOI03ZUOllKU-1656621631-0-AV7NeT5+DMT8bv1zU+ICa6mgxKgY42yj5HzlxKJyvMAyyNpgPbzfCiezoAvDuJETIf3c0/Lmaau9uuSARO/bkMdYPxIFDwl0D0BkDf5IXyfGpkvRBWvDHlLueruTbSkafA==
.federalpay.org/	1970-01-20 21:41:33	Name: _ga_69P9YCZJQH Value: GS1.1.1656621631.1.0.1656621631.0
.federalpay.org/	1970-01-20 21:41:33	Name: _ga Value: GA1.1.228871077.1656621631
.federalpay.org/	1970-01-20 12:55:57	Name: _clck Value: 1wsg68l\|1\|f2r\|0
.federalpay.org/	1970-01-20 13:31:57	Name: __gads Value: ID=86cfd9429a42f5e9-2273a397c2cd0042:T=1656621631:RT=1656621631:S=ALNI_MZWUT9LoTHW5JDG45rgtsr2wT4IAQ
.doubleclick.net/	1970-01-20 13:31:57	Name: IDE Value: AHWqTUlGMQDMtV1Y44NjXPwerajbgmEIoilpMsaU8vHnprIRgOnLFnCEbO28Kap0DMo
.federalpay.org/	1970-01-20 04:11:48	Name: _clsk Value: t800b9\|1656621631999\|1\|1\|b.clarity.ms/collect
.adnxs.com/	1970-01-20 06:19:57	Name: uuid2 Value: 2440337114140386711
.casalemedia.com/	1970-01-20 12:55:57	Name: CMID Value: Yr4KQABpD7ZS4PgeiqIAgQAA
.casalemedia.com/	1970-01-20 06:19:57	Name: CMPS Value: 2235
.casalemedia.com/	1970-01-20 06:19:57	Name: CMPRO Value: 2235
.doubleclick.net/	1970-01-20 04:10:25	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 06:19:57	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hb6t$$5e!@wnfH8K6pQK`!5=E<L5?%L`e:U@^b`2(Wj(!iqfzP^7kC$Ts??k9W.(ln@bpRzqF1`b^LE)mE@+
.quantserve.com/	1970-01-20 06:19:57	Name: d Value: EH4BCQHAJoEA
.quantserve.com/	1970-01-20 13:40:36	Name: mc Value: 62be0a40-d16a6-e6336-78807
.casalemedia.com/	1970-01-20 06:19:57	Name: CMTS Value: 3341
.c.bing.com/	1970-01-20 13:31:57	Name: SRM_B Value: 15D28241E0616E5A1CFB9392E10A6F6C
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 13:31:57	Name: MUID Value: 15D28241E0616E5A1CFB9392E10A6F6C
.c.clarity.ms/	1970-01-20 04:10:22	Name: ANONCHK Value: 0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://pagead2.googlesyndication.com/pagead/show_ads.js?_=1656621630816(Line 93) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0583047843012866&output=html&h=280&slotname=7642463661&adk=1641099693&adf=3490918579&pi=t.ma~as.7642463661&w=884&fwrn=4&fwrnh=100&lmt=1656621631&rafmt=1&psa=0&format=884x280&url=https%3A%2F%2Fwww.federalpay.org%2Fpaycheck-protection-program%2Fkari-cattera-tucson-az&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656621631062&bpp=2&bdt=300&idt=365&shv=r20220628&mjsv=m202206290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C884x280&nras=1&correlator=7262277415877&frm=20&pv=1&ga_vid=228871077.1656621631&ga_sid=1656621631&ga_hid=796335041&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=453&ady=2084&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068289&oid=2&pvsid=4113921860628280&tmod=1054626550&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=jFhOWuwUEs&p=https%3A//www.federalpay.org&dtd=367 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
network	error	URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DARnp8GDOohb05rBHwtP-j4BTWwM588wTyQO3S-egwe7OvFfelqdU8A_5mKD4-VXSHk9tcrcD7ZQgvVx1tOSN1yD-GU9ghQECMSJy&google_gid=CAESEP03S1FFY8oUwv2MXsBPAR8&google_cver=1 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://ad.atdmt.com/i/img;adv=11122207570744;ec=11122226302456;adv.a=6266241;c.a=27437305;s.a=3213511;p.a=331521948;a.a=523468524;cache=1780736153; Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.atdmt.com
ads.eu.criteo.com
adservice.google.com
adservice.google.de
b.clarity.ms
c.bing.com
c.clarity.ms
cat.nl.eu.criteo.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
cse.google.com
csm.eu.criteo.net
dsum-sec.casalemedia.com
encrypted-tbn1.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
id.rlcdn.com
image6.pubmatic.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pixel.rubiconproject.com
region1.google-analytics.com
rtb.fr.eu.criteo.com
rtb.nl.eu.criteo.com
rtb.openx.net
s0.2mdn.net
secureir.ebaystatic.com
ssum-sec.casalemedia.com
static.criteo.net
static.xx.fbcdn.net
stats.g.doubleclick.net
tpc.googlesyndication.com
web.facebook.com
www.clarity.ms
www.ebayadservices.com
www.facebook.com
www.federalpay.org
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
ad.atdmt.com
104.18.18.126
104.75.89.51
142.250.185.98
142.250.186.34
151.101.193.21
178.250.0.139
178.250.2.148
178.250.2.150
185.33.221.90
185.64.190.78
192.229.221.25
20.234.93.27
20.75.32.255
2001:4860:4802:32::36
209.140.129.66
216.58.215.98
2606:4700:20::ac43:4507
2606:4700::6811:180e
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2620:1ec:27::cafe:1501
2620:1ec:c11::200
2a00:1450:4001:801::2008
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:811::2002
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2001
2a00:1450:4001:830::2004
2a00:1450:4001:831::2006
2a00:1450:400c:c07::9c
2a00:1450:400e:800::200a
2a00:1450:4017:801::2003
2a00:1450:4017:803::2003
2a00:1450:401b:803::200e
2a00:1450:401b:80e::200e
2a02:2638:1::2
2a02:2638:1::3
2a02:2638:1::4
2a02:2638::2
2a03:2880:f01c:20e:face:b00c:0:2
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
34.98.67.61
35.186.253.211
35.244.174.68
69.173.144.165
01f367b07bd9d3c11f565ac5fb32520856dcb7b4b18fade31b6be51dd51df482
02804c90ab0d2203d16f34a42a3491d1d6814b5d055467c3f28b3d5de1fa674d
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c8c266275471879e1045e1b40d236ef72032da94110ed5837eb1eb10c26dd2a
0d1c67a35e25f04bc565639252e7da0b80c665dd4fd80bc6e0d8464fb54b6134
0df3db2678c71d2874f90967df4df4b8f054d78b58985a59ed8a1c607a4e52c7
0f3690f18b09e492b365bbd822267af1b062612997733f09d7c0f1c02b252b15
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
139f371de00926473cd5d7b5e541259a0187ba80fce66ccfbe864bdd8de9730d
145020662373e30af855206c7f3f0d193b39c3984a0927a9f71167408ec4e666
17b988bc33e2b6c542f866ef473aaa3d20a9d4536a1ca636c061c5011a5ac5a1
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1e98c85a4d5857cf36fbed998f6f96fcc43836304f8e7a04382f10cb4100fb6e
1fa16b01e976d07660ebbecb42fa90fe390d9560e32e65832aa2873b4988ba12
204ee979949dff78fdc0b391fe74c9b8fe736abd65a1f0a6af80cb01bcfb8587
22f90456ef5e2b1d7320127400d1383cc7a97a583efd49eea5df2b184e3a5c7f
256b2152e83dc8b0f5141e80d4f02b71ec98b1b82eb53cfabbefcf909f67d831
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
270be58b040d0b59d87a4deea0ca09e1b49916b84858005cd3e3e1f2d302ba32
288d25fab0a3552903cf27bb1e82d87a2f877765ea2e62253389a6007e4b0639
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
3ab7760fda0c8e4cf6b71829c8c5e7f0bb15827fb9c73dbf64a61ce78a0aeeeb
3f8deef6abced6f261a224f33d210e1704f929dc92e7fb6fe3cedeac5ba41b03
40fe8669943f7043efd94bfbd32ac52d03b84e3d989883f0f44138ad15a207e4
43d3bea2567fb23db60f47dbc6769540a6f8e36f7a1537e4ac6cc83ada60b025
45b4df3791f15848f459acfcdb947c967d32a2ab208189ad19236126e23a8637
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cf64ae6b2f84eca11c5d7d891ffbed726ff6c5783ffb4eef30412b86a3187ed
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4decdb536dce21fc4fbb16e0b1d5a1b3e86c79902e462b74b724c9b8aef4c756
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
54195a1ce647fc7da06286430806cec7fc2f7a3b3b6e34b0ec1f0be13a2317d2
557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e
5b1aa52495203e4769f095d2f3ecabc73bf7a626fdead2659cc738366f38dec8
5b7bb340a737376cab2a17ecd98bd779f5f5034a8889ab03822d3c2ece971083
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cdaf6aae2dabbdc998aa46fe673b49e901ec1810832273aeb47ae58e1e7b003
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69
690161b1ec1597f75ea02b25003e88f17173ef41bf6602293a8aa3bd6ab0ff1f
6ad11c37b399c0deae59208dcfbdf2b0ac7abe880bc90c3fb71c8d1cb7ace60e
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6fe6d13fa599e5de72b45ad29add45befb6100f913992b0ba80744b319dd1724
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
74de4d96a9227b0959f62e505d2594fc5bc2c641c0b61588f017019c7248ea3e
75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2
7b7a0f003683f9a959f9b2977b4edaac6e5c81921c0ed89c8d380941ff5228eb
7c1823ae6c3268e05b770f3b168b52d23e4ef611c1ff63dd2123fa011724e25f
7ef8a8c9ff10c0ab0a20c33b7e1346431a2bc3052ea7b489cc8c9cb8234539c1
7f1d0f9dd348984a2a73b9da1e5d50d23c71b1d0b305c8ed0adc214cfea66fde
7f967d94e5d04cedfa0cf660e6f65c1be38d723c4096147214218e378c595790
80348bcab329157707e771f99704f6f6bbc56b2e375509e84c54bec6fd56cfed
82d9db9be470425d2ea1bcf736037aaadf2f8fadafa2816b343df24013afc653
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ccdb8f3088aab4616f60254e62c992ceeb4d62e55c1b2416061f1ad7785ef45
8cd0821955ada2d7922b40e87a22ff2b916af87106984ecee7875e6b84916c0f
8e8d673cf3215b6037b351fae6cfd67c06e3a20b5f607207ee9aabb87ae17ca1
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
90eb655b43d41ea856b9bb0213994bd9c53ea36f7ffc62e2353008b5a1c0ad9a
943183889713daa24baaf124084e45f92a1912b81130c6383eb03dffeb554293
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9889d293bdf8aade186c21e09da716d43057e43fbe46820e1983730b3e561c0a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b811c54bb55be8944d6b72ceca06663cfebe558f62f1404a762ba461d5468f5
9d47816d0f275c8c2e3ab4fc230ce61d1372fc6b2202e7299c1bcc04f47b9b8e
9ddb491a5e0aa451fb393c8a4ebacee5eddb082307b03c9da1c0ae71cb930d02
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e4497b19bc78d6847909052181ad2e48e8499e60962c4d3bbe16816a643ac1
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4671bb1628ee29282edd52e7575bd45e435f2a381c8dd120fa121a2c4c7b73d
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
ae2e1dc0161fa05e80b225682868a9bfbab08c503b2429f06339d4487f160ac2
afecffb787dd86256277a47f6eafb581a29e99b8bca122c41c59aaf4c992d1de
b14234740394e59287bce1f6f3a594a8f221b382552b35658f1ef15d16ee662b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2ea67ffb17b1041dd754561f2afe8a977de25e7e675b5a6a24b824c85879258
b888f4950683c3ac869c1c8cf340c011526e7320c402a82e59e2860194c81ab4
b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348
ba3fe63eac33e099b1600d123a80bc075696219926d63f6adc4b9401aad71ca9
bed3202c2cbcd2c0e4f8fcc31fa24fd52575ead8d9d3f53a806f1b75cde7b650
bfb6a960c0c3667719933c0d8199a574888ac3ca6a3a5da8505bcc6ca2e572f4
c0d4098bc8b34c6f87a3d7723988ae81214a53a0bb4a1d4d36a67640f98ed079
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c428fd4e912ba8982bf9b8f61e18de4931ee1408ef9b5e364354926694ad70e2
c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd
c84b65d28987914d821e2d95e40006263ff9dc732d4d68f93ef1dc8a4cfb8db2
ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa
cdced1ccabc848c7564b50411945aad2367eba1bd7da70cf2836a5fb421efd66
d386d1935249c8bb044bbbb3bef0d855a2260709f4a956048ba92922e39d1682
da1a3b3b62d70a2716174f3a66757911eea4904c706c909baf664e1d6ca18c89
dc1279ca75f43a22f2305d76b685e99c5dd06c45cdc34c4cca9a313c69f851e0
dd7604746393f2ddcde6438b9e3770c74c80c4d4bc1828c4a37e8a00433b9787
df31df5a9d4fbf404f0ea887e0a124083accbcdbe9bf098f6632183cc903ddc7
df332a29db424e7bf51c0f249ccbd3d5b3d22665ad882c2e253db6a34338b051
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e25a70bc376bba702bc225d598379a969d89e3f59cdf993bd57d49f532cbbc29
e2ca57ee8e29d812d75dad379eeffa81f200e4ab0878cb15c4b60c92cd00802d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f714f28225e03c64ce6cd24eb1f076426d54a0c7bdadd813b590013008b9f1
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e5641b7d32855770766e2e9c6d182c5e5c55a3328244567807243bd8b499a4c0
e803b28f5592d9fad97a153d3fa46d9690d5740e352d087dd3d817df4de9704a
eb5cab8d0f2d329578c252536c21c723f04d486c281d7ca418bb591e7f007ea3
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2ead4a9044e784eea668cbb8d2ce9c49908ab2055d2f94c94383225742f05c
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f5e6e1dc12ddd8400b414ba099ff0938a243932c5191c45fac0b9755b03a6b2d
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6c4922a766f43438bc1e22b0eb827608b136f914b07895ef58dbebbb18d30c2
f895332e52aec590d6bbd9d76253cee4af1482cd1e1bebdaaed387d26441dafa

www.federalpay.org Open in urlscan Pro 2606:4700:20::ac43:4507 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

198 Requests

94 %HTTPS

60 %IPv6

33 Domains

52 Subdomains

43 IPs

8 Countries

2388 kBTransfer

5889 kBSize

27 Cookies

4 Outgoing links

Redirected requests

198 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.federalpay.org Open in urlscan Pro
2606:4700:20::ac43:4507 Public Scan

Screenshot
Live screenshot

Full Image

198
Requests

94 %
HTTPS

60 %
IPv6

33
Domains

52
Subdomains

43
IPs

8
Countries

2388 kB
Transfer

5889 kB
Size

27
Cookies

198 HTTP transactions
5 data transactions