www.proxysite.com Open in urlscan Pro
107.23.216.46 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://us8.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D&b=1
Effective URL:
https://www.proxysite.com/
Submission: On December 11 via api (December 11th 2022, 2:25:32 pm UTC) from US — Scanned from DE

Summary HTTP 218 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 31 IPs in 9 countries across 32 domains to perform 218 HTTP transactions. The main IP is 107.23.216.46, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.proxysite.com. The Cisco Umbrella rank of the primary domain is 203901.
TLS certificate: Issued by Amazon on March 28th 2022. Valid for: a year.

This is the only time www.proxysite.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	68.235.61.75 68.235.61.75	11878 (TZULO) (TZULO)
1 18	107.23.216.46 107.23.216.46	14618 (AMAZON-AES) (AMAZON-AES)
37	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
4	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
40	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
7 28	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
3 7	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 5	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
4	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
2 2	3.68.131.166 3.68.131.166	16509 (AMAZON-02) (AMAZON-02)
2	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2 2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
4 4	37.157.6.253 37.157.6.253	198622 (ADFORM) (ADFORM)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:1f82:7aa0:f039:aca9	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2a05:d018:d29... 2a05:d018:d29:3605:6c4b:f51b:1183:ef60	16509 (AMAZON-02) (AMAZON-02)
6 6	52.58.96.67 52.58.96.67	16509 (AMAZON-02) (AMAZON-02)
1 2	54.171.34.240 54.171.34.240	16509 (AMAZON-02) (AMAZON-02)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	104.18.33.19 104.18.33.19	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
1 1	185.89.210.122 185.89.210.122	29990 (ASN-APPNEX) (ASN-APPNEX)
1	52.16.228.49 52.16.228.49	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:212... 2600:9000:2127:5400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:1f18:1ac... 2600:1f18:1aca:4281:c410:d4b:3343:fab	14618 (AMAZON-AES) (AMAZON-AES)
218	31

1 68.235.61.75 (Chicago, United States) 1 redirects

ASN11878 (TZULO, US)

us8.proxysite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 107.23.216.46 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-23-216-46.compute-1.amazonaws.com

www.proxysite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 216.58.212.130 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.82 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.68.131.166 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-68-131-166.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.253 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:1f82:7aa0:f039:aca9 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.134.244 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:6c4b:f51b:1183:ef60 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.58.96.67 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-96-67.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.34.240 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-34-240.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Tuttlingen, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.33.19 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.252 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.122 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.16.228.49 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-228-49.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2127:5400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1f18:1aca:4281:c410:d4b:3343:fab (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
77	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 103 tpc.googlesyndication.com — Cisco Umbrella Rank: 139	677 KB
50	doubleclick.net 7 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 215 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 297	268 KB
19	proxysite.com 2 redirects us8.proxysite.com www.proxysite.com — Cisco Umbrella Rank: 203901	167 KB
15	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 269	180 KB
12	gstatic.com www.gstatic.com fonts.gstatic.com	203 KB
9	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 791 static.adsafeprotected.com — Cisco Umbrella Rank: 544 dt.adsafeprotected.com — Cisco Umbrella Rank: 535	96 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 507 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 413	6 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 192	327 KB
6	bidswitch.net 6 redirects x.bidswitch.net — Cisco Umbrella Rank: 290	3 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 218 secure.adnxs.com — Cisco Umbrella Rank: 430	6 KB
6	google.com adservice.google.com — Cisco Umbrella Rank: 72 www.google.com — Cisco Umbrella Rank: 2	1 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 758 syndication.twitter.com — Cisco Umbrella Rank: 1118	150 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	4 KB
4	adform.net 4 redirects c1.adform.net — Cisco Umbrella Rank: 639	2 KB
2	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 727	488 B
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 447	2 KB
2	travelaudience.com 2 redirects ads.travelaudience.com — Cisco Umbrella Rank: 16255	934 B
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 323	529 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 718	2 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 833	136 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 11832	914 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 28	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	87 KB
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 549	338 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1494	584 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 418	714 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 810	710 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2681	104 B
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1505	296 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 321	460 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 840	700 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	18 KB
218	32

	Domain	Requested by
40	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
37	pagead2.googlesyndication.com	www.proxysite.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
28	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net www.proxysite.com
18	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.proxysite.com
18	www.proxysite.com	1 redirects www.proxysite.com
15	s0.2mdn.net	googleads.g.doubleclick.net www.proxysite.com s0.2mdn.net
7	fonts.gstatic.com	fonts.googleapis.com
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
7	www.googletagservices.com	googleads.g.doubleclick.net
6	x.bidswitch.net	6 redirects
5	dt.adsafeprotected.com	googleads.g.doubleclick.net
5	www.gstatic.com	googleads.g.doubleclick.net
5	fonts.googleapis.com	googleads.g.doubleclick.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	c1.adform.net	4 redirects
4	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
4	googleads4.g.doubleclick.net	googleads.g.doubleclick.net www.proxysite.com
4	platform.twitter.com	www.proxysite.com platform.twitter.com
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	onetag-sys.com	1 redirects googleads.g.doubleclick.net
2	fw.adsafeprotected.com	1 redirects www.proxysite.com
2	sync.mathtag.com	2 redirects
2	ads.travelaudience.com	2 redirects
2	match.adsrvr.org	googleads.g.doubleclick.net
2	pm.w55c.net	2 redirects
2	static.xx.fbcdn.net	www.facebook.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	syndication.twitter.com	platform.twitter.com www.proxysite.com
2	www.google-analytics.com	www.proxysite.com www.google-analytics.com
2	connect.facebook.net	www.proxysite.com connect.facebook.net
1	beacon.krxd.net	googleads.g.doubleclick.net
1	secure.adnxs.com	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	um.simpli.fi	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	ag.innovid.com	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.facebook.com	connect.facebook.net
1	us8.proxysite.com	1 redirects
218	43

This site contains links to these domains. Also see Links.

Domain
us16.proxysite.com
pryvacy.com

Subject Issuer	Validity	Valid
proxysite.com Amazon	`2022-03-28` - `2023-04-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-19` - `2022-12-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
fw.adsafeprotected.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-20` - `2023-10-19`	a year	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2022-04-10` - `2023-05-08`	a year	crt.sh

This page contains 30 frames:

Primary Page: https://www.proxysite.com/
Frame ID: 0AB95C92F08F814CF1E01A9C2E990846
Requests: 38 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20190131/zrt_lookup.html
Frame ID: 8682242B5816E2ED3EED5D9A3448B411
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df26ab71b5ecff8c%26domain%3Dwww.proxysite.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.proxysite.com%252Ff29b9f77836f14c%26relation%3Dparent.parent&container_width=105&href=https%3A%2F%2Fwww.proxysite.com%2F&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&width=80
Frame ID: 9C745D07BC500C24DE46BE79577D1933
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fwww.proxysite.com
Frame ID: 2581423C21A9BB6BB41C64C35550DA9D
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=2867599685&adk=3927345067&adf=3573213364&pi=t.ma~as.2867599685&w=990&fwrn=4&fwrnh=100&lmt=1670768727&rafmt=3&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727556&bpp=3&bdt=535&idt=253&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&correlator=2501798545303&frm=20&pv=2&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=KgavVMfs3p&p=https%3A//www.proxysite.com&dtd=274
Frame ID: 0611586B3E63BA551A01F0941327B1FC
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=4344332884&adk=523175106&adf=1005968846&pi=t.ma~as.4344332884&w=990&fwrn=4&fwrnh=100&lmt=1670768727&rafmt=1&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727559&bpp=1&bdt=538&idt=279&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=702&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=wq8IPrknzr&p=https%3A//www.proxysite.com&dtd=283
Frame ID: FFDB58427A9B468A79B552BFC3B81057
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&slotname=6803856480&adk=197138127&adf=1497320946&pi=t.ma~as.6803856480&w=728&lmt=1670768727&rafmt=12&format=728x90&url=https%3A%2F%2Fwww.proxysite.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727560&bpp=1&bdt=540&idt=293&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=2948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=79TDpp2lE5&p=https%3A//www.proxysite.com&dtd=296
Frame ID: 6756DFE666BCCFE4E2B08545878350A0
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&adk=1812271804&adf=3025194257&lmt=1670768727&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fwww.proxysite.com%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727561&bpp=1&bdt=540&idt=302&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280%2C728x90&nras=1&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=308
Frame ID: 5E3E7B213F98C5D85A7CAC85061AF2AA
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: E0A3FA3C984F756C34B557BF74C1D487
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhiIj8zIATAB&v=APEucNUBXUwGmmoBpOOx-Uvg7w1un1rH9cUzqw9hs_osvB8L9WDM3eCAKa4FaxxZhdpBXV8lT012C96UvbNFzR-beD1TQxpLEsBRskO2p00nzNXk34ua0GwLt5t7267baodVUjRukFI_Dq4Orvev6pdHetKgVC9W4t25n35O-OSFBcWVUZc5Yko
Frame ID: 5094C199234B9E01714840C45F36AA45
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D353BDB265AC86FAFCD69C83658A9996
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&adk=3625593270&adf=3099719705&pi=t.aa~a.4226026281~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0&nras=2&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=pnTJhgzjWp&p=https%3A//www.proxysite.com&dtd=5
Frame ID: D4F92E59EF7CE64A26540F69FFED2ED8
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
Frame ID: D809CD2D16C14F554E0B1F7D9C23536D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=60&adk=2093842954&adf=3560341080&pi=t.aa~a.4080220755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x60&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=0&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280%2C1200x90&nras=4&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2738&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=PpFExOjB2A&p=https%3A//www.proxysite.com&dtd=10
Frame ID: CB1916077C9D66B40B997BDEF3306838
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1
Frame ID: 66BBFC9A843BE79FD8BBC2572A50729B
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js
Frame ID: C8C879720552298747474F1A2AA5BBD1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js
Frame ID: BA478D95AB4694D77250DBBA2AD0A2D4
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js
Frame ID: E2480E5650601822A87E4C6DDA0403C5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJa-_eICEIjrweQCGN2p0NgBMAE&v=APEucNVPaqCgCkIE5fAkVE8VclydrrN8O1LBvG9cqYx_tilWeVlsPCwAaFnxtkvcp0WPQT9dFJlR88z9k7i_Ky7zg00XZUz_-mDQhQ0NIxuxVUTceSaVdO7WeJnyVbAFPKaqRSH3e5Eq_6VajXiKL_AtUhjBzH6r9J7JUPOrRh5vyONB79qZg1Y
Frame ID: 0F21FE78FDAF36A4655E0EF326F9B516
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: BA9520CE5B784B05FA0073F4D6D13A63
Requests: 28 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1BF3A61173792D6345584CD0F20EE66D
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A316201BDCE831DD41D0347D663950BC
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js
Frame ID: B479B1674A868DD58A18538CAE7C8DB3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 80B46835DAB1CCF9E8E2FDBA6AAAAD55
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js
Frame ID: 30A770D96F2C30A94427BABBA9C287C9
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 63D11D6A7789228F34EAE989EF5BD3B1
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
Frame ID: D8611FFA79F430AD0488974508414578
Requests: 13 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: F431DDE3D7C894797721D2665CBB7771
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B27DEB2C57B61B8997ED08A4E2F24626
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7FF043A1951C173F89D840FA5746E117
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ProxySite.com - Free Web Proxy Site

Page URL History Show full URLs

https://us8.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D&b=1 HTTP 302
https://www.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D HTTP 301
https://www.proxysite.com/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

218
Requests

88 %
HTTPS

50 %
IPv6

32
Domains

43
Subdomains

31
IPs

9
Countries

2341 kB
Transfer

6090 kB
Size

33
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://us16.proxysite.com/go/youtube.com
Title: YouTube

Search URL Search Domain Scan URL

URL: https://us16.proxysite.com/go/facebook.com
Title: Facebook

Search URL Search Domain Scan URL

URL: https://us16.proxysite.com/go/twitter.com
Title: Twitter

Search URL Search Domain Scan URL

URL: https://us16.proxysite.com/go/reddit.com
Title: Reddit

Search URL Search Domain Scan URL

URL: https://us16.proxysite.com/go/imgur.com
Title: Imgur

Search URL Search Domain Scan URL

URL: https://us16.proxysite.com/go/google.com
Title: Google

Search URL Search Domain Scan URL

URL: https://pryvacy.com/
Title: Pryvacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://us8.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D&b=1 HTTP 302
https://www.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D HTTP 301
https://www.proxysite.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcJwHQmRuXwSwcbB6zg_8E&google_cver=1

Request Chain 48

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5XoWK2wOEvh.w0FiCTXlQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1&google_hm=2

Request Chain 49

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHi2MqJPznOmqUGLijKNckI&google_cver=1

Request Chain 50

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D

Request Chain 129

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1

Request Chain 130

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5XoWK2wOEvh.w0FiCTXlQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1&google_hm=2

Request Chain 131

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHi2MqJPznOmqUGLijKNckI&google_cver=1

Request Chain 132

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D

Request Chain 157

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELnEbz1R_NyspZOxlqoSJNs&google_cver=1&google_push=ASkJ3FZL4LeiUnSvoCdl__nQ50hmZZUOmL8xAhT_hYrcKu6tVfqyHL5z2uIHZz1Kc8quD0RXhGnKCerP_jY7FAaPOn22uVcxVMuAiA HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELnEbz1R_NyspZOxlqoSJNs&google_cver=1&google_push=ASkJ3FZL4LeiUnSvoCdl__nQ50hmZZUOmL8xAhT_hYrcKu6tVfqyHL5z2uIHZz1Kc8quD0RXhGnKCerP_jY7FAaPOn22uVcxVMuAiA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MVl0OXJQSmMxUDRuZ0o1&google_gid=CAESELnEbz1R_NyspZOxlqoSJNs&google_cver=1&google_push=ASkJ3FZL4LeiUnSvoCdl__nQ50hmZZUOmL8xAhT_hYrcKu6tVfqyHL5z2uIHZz1Kc8quD0RXhGnKCerP_jY7FAaPOn22uVcxVMuAiA

Request Chain 159

https://ads.travelaudience.com/google_pixel?google_gid=CAESENKGCvStN0dYM-tBcgZ0Z7E&google_cver=1&google_push=ASkJ3Fa9TqnSULuK3gZdqihiOgk0mCWzVjg3VPaHVcegxYUkyyoSGwRoJO_-PnkmvCGMm7serPe5xT4BeKNUvrhvs65FsxuaF8rsiQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=4ydjE3G4TLe9_cCN8GV4bg2&google_push=ASkJ3Fa9TqnSULuK3gZdqihiOgk0mCWzVjg3VPaHVcegxYUkyyoSGwRoJO_-PnkmvCGMm7serPe5xT4BeKNUvrhvs65FsxuaF8rsiQ

Request Chain 160

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECLNA9IJTQbX69VpI_KDc3M&google_cver=1&google_push=ASkJ3FZQ56ZGPRyZuNn2Cp1tSSHVGCt8NP7MAlvp13NDzrsjeY6MtVxr3dDse0WsKzXugyiKL4FeAF066XuK9yg3JzMw9P5qF5ryr5k HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECLNA9IJTQbX69VpI_KDc3M&google_cver=1&google_push=ASkJ3FZQ56ZGPRyZuNn2Cp1tSSHVGCt8NP7MAlvp13NDzrsjeY6MtVxr3dDse0WsKzXugyiKL4FeAF066XuK9yg3JzMw9P5qF5ryr5k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTEwMDk4ODUxNTAwOTQ1MTQ5MA&google_push=ASkJ3FZQ56ZGPRyZuNn2Cp1tSSHVGCt8NP7MAlvp13NDzrsjeY6MtVxr3dDse0WsKzXugyiKL4FeAF066XuK9yg3JzMw9P5qF5ryr5k

Request Chain 161

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECLNA9IJTQbX69VpI_KDc3M&google_cver=1&google_push=ASkJ3FZG982nQX7PviUsVbAJzKjY-0SbTOjmdf3xotfPMeSd67UVbSzTfsm6VxM-zs4kOgIeUsIegTN1IS_DB-_6vy2OQEtvz_kiym4 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECLNA9IJTQbX69VpI_KDc3M&google_cver=1&google_push=ASkJ3FZG982nQX7PviUsVbAJzKjY-0SbTOjmdf3xotfPMeSd67UVbSzTfsm6VxM-zs4kOgIeUsIegTN1IS_DB-_6vy2OQEtvz_kiym4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjcyNjAzMDkzMzIyOTQ0MzI0Mw&google_push=ASkJ3FZG982nQX7PviUsVbAJzKjY-0SbTOjmdf3xotfPMeSd67UVbSzTfsm6VxM-zs4kOgIeUsIegTN1IS_DB-_6vy2OQEtvz_kiym4

Request Chain 162

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKAtTqqAEEcWzNIicPNXWL8&google_cver=1&google_push=ASkJ3FaFtri3ESPYSR-aGzsxY3QHAC8lyo6Ksa7f8c4Ai_ZPqktNk7WDpvXAbIpagyafXkOKsGFjrNVboOoi5V4U9M5t-ORDBaAA_hM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJKR0tBSkctWC1BVlNF&google_push=ASkJ3FaFtri3ESPYSR-aGzsxY3QHAC8lyo6Ksa7f8c4Ai_ZPqktNk7WDpvXAbIpagyafXkOKsGFjrNVboOoi5V4U9M5t-ORDBaAA_hM

Request Chain 166

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAs2rU_TJtFgv9aoTQZaxd8&google_cver=1&google_push=ASkJ3FajkMQCOy6Xepz4A7kOiJ38RBLlUgYMUH39E7zAELnr1xAeIhbAhWbXQ6L8ubNf1iEX6RnlJs7VlR_EcuvRi6CuSaJGjDydv1E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FajkMQCOy6Xepz4A7kOiJ38RBLlUgYMUH39E7zAELnr1xAeIhbAhWbXQ6L8ubNf1iEX6RnlJs7VlR_EcuvRi6CuSaJGjDydv1E

Request Chain 167

https://um.simpli.fi/gp_match?google_gid=CAESEPx6_qDuys_BpIw2w32WCBY&google_cver=1&google_push=ASkJ3FYESczB2nuf7cv1a37p7O3PxjaWQ52bGDJEAdeMamaXwAzJPOD4lVmi1zefcDCRGBeVAJ-81qWHgP8Vt3y7D0YEv1jN8p5Ywus HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=099162268B924AF1A259FA479226C48A&google_push=ASkJ3FYESczB2nuf7cv1a37p7O3PxjaWQ52bGDJEAdeMamaXwAzJPOD4lVmi1zefcDCRGBeVAJ-81qWHgP8Vt3y7D0YEv1jN8p5Ywus

Request Chain 169

https://ads.travelaudience.com/google_pixel?google_gid=CAESENKGCvStN0dYM-tBcgZ0Z7E&google_cver=1&google_push=ASkJ3FZBPdyyeP0KIjfHL6P8BGX7LffYMfC4zFiNwHDhzRY5tDH89doE64XuaUeXB5C8V3zMYhuePRWKrcHFrWglxQWeDfHuD4I7eQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Gj8gR_-_Tb6NPf1BGmEubA2&google_push=ASkJ3FZBPdyyeP0KIjfHL6P8BGX7LffYMfC4zFiNwHDhzRY5tDH89doE64XuaUeXB5C8V3zMYhuePRWKrcHFrWglxQWeDfHuD4I7eQ

Request Chain 170

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEBFBdwe1-X2zAutWoB58_4U&google_cver=1&google_push=ASkJ3FZ9PWyECEQbQjXofkamzJdkbocIDUJnq98uQMmNtdnsxsOTc2cyskYaL1uDajjxkpWTkHXxTf9mZW1LdS84WLOADRRuXaMh524 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ASkJ3FZ9PWyECEQbQjXofkamzJdkbocIDUJnq98uQMmNtdnsxsOTc2cyskYaL1uDajjxkpWTkHXxTf9mZW1LdS84WLOADRRuXaMh524&google_hm=eS01czlpMGdCRTJwRnJrN0d3THgwRnN0aGxmVlIzb2VLZH5B

Request Chain 171

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAPLye-XHPRLk07Y1n-4yLM&google_cver=1&google_push=ASkJ3FbFwkFnD6vcbNpXEdPKkr4Pp7VAV-SBI4K6CebpHpUr3FDL0KfJ9z1NOqlqZDHLMiMvSybiWSkfd3ZGXkXeFVuhvb_L0ds7_hQ HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAPLye-XHPRLk07Y1n-4yLM&google_cver=1&google_push=ASkJ3FbFwkFnD6vcbNpXEdPKkr4Pp7VAV-SBI4K6CebpHpUr3FDL0KfJ9z1NOqlqZDHLMiMvSybiWSkfd3ZGXkXeFVuhvb_L0ds7_hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f9ad4fdc-3c58-4f42-a97d-1e1aed87b4a4&%%GOOGLE_PUSH_PAIR%%

Request Chain 185

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAs2rU_TJtFgv9aoTQZaxd8&google_cver=1&google_push=ASkJ3FZKSXJQYXyloB9AFAzS6FeUvdXmTs56UDdQBvxQKzdn0cV6pLhCytCAShSNHqpPzoVmkIulNXk6H2Kbv8umjKc4iKxASRMEGw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZKSXJQYXyloB9AFAzS6FeUvdXmTs56UDdQBvxQKzdn0cV6pLhCytCAShSNHqpPzoVmkIulNXk6H2Kbv8umjKc4iKxASRMEGw

Request Chain 186

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESED7DtgzS8_Ia13BwVa8CAPc&google_cver=1&google_push=ASkJ3FYbfObBEt9wAsUM0ZtRZjyiV23EJsM7XFNfS_OEtER8ZQFdfjZ7DYKeoQfQ-kc8aX5WJCt7YBNw79D978LsQ-t569NbwG7l HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NTg5NzA1MDI2NTg3NjYzMg%3D%3D&google_push=ASkJ3FYbfObBEt9wAsUM0ZtRZjyiV23EJsM7XFNfS_OEtER8ZQFdfjZ7DYKeoQfQ-kc8aX5WJCt7YBNw79D978LsQ-t569NbwG7l

Request Chain 187

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESENEm6oLB-n73jV5WAsacq9w&google_cver=1&google_push=ASkJ3FaiN24xRjuuBXwyDcgmyO-bZvdApm4BoLiDZp5-cCleyE7oEUaAXnjFhbAZ1j-tQ_712cTTVN4z5cM6sgI4JzYtsbUJu5vCKg HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESENEm6oLB-n73jV5WAsacq9w&google_cver=1&google_push=ASkJ3FaiN24xRjuuBXwyDcgmyO-bZvdApm4BoLiDZp5-cCleyE7oEUaAXnjFhbAZ1j-tQ_712cTTVN4z5cM6sgI4JzYtsbUJu5vCKg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ASkJ3FaiN24xRjuuBXwyDcgmyO-bZvdApm4BoLiDZp5-cCleyE7oEUaAXnjFhbAZ1j-tQ_712cTTVN4z5cM6sgI4JzYtsbUJu5vCKg&google_hm=-a1P3DxYT0KpfR4a7Ye0pA==

Request Chain 188

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGxnD0jyzQym2OuWTbxSh-w&google_cver=1&google_push=ASkJ3FYijQOXNlQJv9E4Ev7ZfZrJuunsjeTvrV1nFnPeJvA2lzOmbKUCdalc8KhKorbInHX7bgQLuAukYylpSP2p_eGXrkiqFrfVPw HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGxnD0jyzQym2OuWTbxSh-w&google_hm=Y5XoWK2wOEvh-w0FiCTXlQAAFGcAAAAB&google_nid=index&google_push=ASkJ3FYijQOXNlQJv9E4Ev7ZfZrJuunsjeTvrV1nFnPeJvA2lzOmbKUCdalc8KhKorbInHX7bgQLuAukYylpSP2p_eGXrkiqFrfVPw

Request Chain 189

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEAJpf6g3jAfBnKVFnU83fks&google_cver=1&google_push=ASkJ3FZevnEZRPcGfxom1E2cLnUoFajvA7njslK0L_DuW3op446qEz2mikZ_VjwPSlSjcNDt7t5au4Rt5HHIkd7l9hr35ot9bazfuA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ASkJ3FZevnEZRPcGfxom1E2cLnUoFajvA7njslK0L_DuW3op446qEz2mikZ_VjwPSlSjcNDt7t5au4Rt5HHIkd7l9hr35ot9bazfuA HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 190

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESECaB9sCwi4CqN7p0MG_lzh4&google_cver=1&google_push=ASkJ3Fb090DW12yBNHp5ah9ujNWeahoLCT890RlktsmrD6knFl6jF1GaJ3_HEjl5_k-8t84h-fB9dWFRn3EzUsVbpm94Y16r3REOdrQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D&google_gid=CAESECaB9sCwi4CqN7p0MG_lzh4&google_cver=1&google_push=ASkJ3Fb090DW12yBNHp5ah9ujNWeahoLCT890RlktsmrD6knFl6jF1GaJ3_HEjl5_k-8t84h-fB9dWFRn3EzUsVbpm94Y16r3REOdrQ

Request Chain 191

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAPLye-XHPRLk07Y1n-4yLM&google_cver=1&google_push=ASkJ3FaRqNgWNwSjU934ge7WKtTGhWqb1CT_mT-JMcBW42WadqUowlXWuaJsEBnq4mPYDdPklSC8IeqyuI0h902Li01v70Dn1OCG3Q HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAPLye-XHPRLk07Y1n-4yLM&google_cver=1&google_push=ASkJ3FaRqNgWNwSjU934ge7WKtTGhWqb1CT_mT-JMcBW42WadqUowlXWuaJsEBnq4mPYDdPklSC8IeqyuI0h902Li01v70Dn1OCG3Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f9ad4fdc-3c58-4f42-a97d-1e1aed87b4a4&%%GOOGLE_PUSH_PAIR%%

Request Chain 209

https://fw.adsafeprotected.com/rfw/st/1221565/67009940/4.js?adContainerId=brand_safety_WeiVY4KwIua7x_APp5qq8Ac&cbFunctionName=goog_wrapCb_WeiVY4KwIua7x_APp5qq8Ac&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwww.proxysite.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.proxysite.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-5271052033776811%26output%3Dhtml%26h%3D90%26adk%3D2236586032%26adf%3D2192318161%26pi%3Dt.aa~a.1534086353~rp.2%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1670768728%26rafmt%3D1%26to%3Dqs%26pwprc%3D8717720231%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fwww.proxysite.com%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1670768728840%26bpp%3D1%26bdt%3D1819%26idt%3D-M%26shv%3Dr20221206%26mjsv%3Dm202211300101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D9974f73a7d7fc9ea-22229222f8d90083%253AT%253D1670768727%253ART%253D1670768727%253AS%253DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA%26gpic%3DUID%253D000008cfef0b5c10%253AT%253D1670768727%253ART%253D1670768727%253AS%253DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ%26prev_fmts%3D990x280%252C990x280%252C728x90%252C0x0%252C1200x280%26nras%3D3%26correlator%3D2501798545303%26frm%3D20%26pv%3D1%26ga_vid%3D671281270.1670768728%26ga_sid%3D1670768728%26ga_hid%3D1375545885%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1794%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759842%252C31071113%26oid%3D2%26psts%3DAMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%252CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q%26pvsid%3D3484705495856268%26tmod%3D1359884314%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D6%26uci%3Da!6%26btvi%3D3%26fsb%3D1%26xpc%3Dkuqsttf6Jj%26p%3Dhttps%253A%2F%2Fwww.proxysite.com%26dtd%3D8&adsafe_type=bed&adsafe_jsinfo=,id:2fe4e827-9808-3783-bd3e-91f365b3dc31,c:wuWHfo,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7586cf6859-4zkxr,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1,mtim:3,mot:0,app:0,maw:0,fm:tpIzk1d+11%7C12%7C13%7C14%7C151%7C161%7C171%7C172%7C18%7C19%7C1a%7C1b1%7C1b2%7C1c1*.1221565-67009940%7C1c11%7C1c12%7C1c131%7C1c14%7C1d1%7C1d2%7C1e1,idMap:1c1*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:20,oid:a9ef9ce7-795f-11ed-83fd-8eefcf60ae69,v:19.8.374,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_WeiVY4KwIua7x_APp5qq8Ac&cbFunctionName=goog_wrapCb_WeiVY4KwIua7x_APp5qq8Ac&true_pb=

218 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.proxysite.com/
Redirect Chain

https://us8.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D&b=1
https://www.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D
https://www.proxysite.com/

14 KB
5 KB

157ms
156ms

Document
text/html

107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 5e9195fc00b28413c80eafbeebf6ce51782db81e60f33931d06ea6d983a45fa8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, max-age=0
content-encoding: gzip
content-length: 4243
content-type: text/html; charset=UTF-8
date: Sun, 11 Dec 2022 14:25:26 GMT
expires: Sun, 11 Dec 2022 14:25:26 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

cache-control: max-age=0
content-length: 234
content-type: text/html; charset=iso-8859-1
date: Sun, 11 Dec 2022 14:25:26 GMT
expires: Sun, 11 Dec 2022 14:25:26 GMT
location: https://www.proxysite.com/
server: Apache

GET
H2 200 96f631f.css
www.proxysite.com/css/ 38 KB
8 KB 224ms
223ms Stylesheet
text/css 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 35d4a453929aeb9cb4ca18e20087e72d2b251d050a6a7ec20931c152049d341f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
content-encoding: gzip
last-modified: Mon, 18 Mar 2019 22:05:12 GMT
server: Apache
etag: "97e6-58465952eb312-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 7817
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 logo.png
www.proxysite.com/assets/images/ 3 KB
4 KB 114ms
113ms Image
image/png 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/logo.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 2f1513a46b73f5ada51bafe9acd73abc1489f912de163236e4b6480a8311fb18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "cd8-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 3288
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 privacy.png
www.proxysite.com/assets/images/ 7 KB
8 KB 317ms
316ms Image
image/png 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/privacy.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: eaee2371582b8c319e9f7b6432b570d1c7cc5bda80a6d7819521c6df355c3f9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "1dbc-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 7612
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 speed.png
www.proxysite.com/assets/images/ 5 KB
6 KB 208ms
206ms Image
image/png 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/speed.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 036a97f58ae41233cce615d76fb5511d15d9db41201bae08f0099eeb07faec28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "158b-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 5515
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 magnifying.png
www.proxysite.com/assets/images/ 10 KB
10 KB 318ms
317ms Image
image/png 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/magnifying.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: ecb0a51c8bccd33964654ecedc1115640eec2c15b217d843df9ed2c36d358060

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "2690-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9872
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 computer.png
www.proxysite.com/assets/images/ 7 KB
7 KB 318ms
317ms Image
image/png 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/computer.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 60738e0c21e145c63411dab779e72942f078ede817a5cdf57466ef0e61ff8d49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "1b25-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 6949
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 magnifying2.png
www.proxysite.com/assets/images/ 7 KB
7 KB 209ms
208ms Image
image/png 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/magnifying2.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 0ac9094e17f405afb1a4cb915170e1051a048db8597a64460222f03fab4dcc76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "1b58-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 7000
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 logo-footer.png
www.proxysite.com/assets/images/ 2 KB
2 KB 319ms
318ms Image
image/png 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/logo-footer.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 938bb7a4fe2818088711d433b38bb086516f778d8614faaf479ac89cf62968ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "7b4-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1972
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 jquery.js Show response
www.proxysite.com/assets/js/ 95 KB
34 KB 320ms
319ms Script
application/javascript 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/js/jquery.js?v=17030501
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
content-encoding: gzip
last-modified: Mon, 18 Mar 2019 22:05:12 GMT
server: Apache
etag: "17b8b-58465952b0993-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 33760
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 65f94d5.js Show response
www.proxysite.com/js/ 39 KB
10 KB 209ms
207ms Script
application/javascript 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/js/65f94d5.js?v=17030501
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: dc2261fa7fc402f3869461ab510796c6a45c58b4910d7eaaf674bfefd5274e6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
content-encoding: gzip
last-modified: Mon, 18 Mar 2019 22:05:13 GMT
server: Apache
etag: "9a33-5846595353af1-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9611
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
49 KB 145ms
86ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6efb7b936f94c216c528ca31cd995fabb7c82bbdfebf0afc8aa1fe816e6e2101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49359
x-xss-protection: 0
server: cafe
etag: 2093345263147645547
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 14:25:27 GMT

GET
H2 200 bg.png
www.proxysite.com/assets/images/ 236 B
768 B 215ms
215ms Image
image/png 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/bg.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 9428518d1b1c9e441b6dcf1effddc210ce3ab2d1e0913be29695e907b4c82c43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "ec-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 236
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 raleway.woff2
www.proxysite.com/assets/fonts/ 15 KB
15 KB 215ms
215ms Font
application/octet-stream 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/fonts/raleway.woff2
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 770da7643a54e06b63d0c10b9386c21eebe7fe791bbd43e760a9f763aa95d26f

Request headers

Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "3ab8-5846594186131"
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15032
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 raleway-semibold.woff2
www.proxysite.com/assets/fonts/ 15 KB
15 KB 215ms
215ms Font
application/octet-stream 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/fonts/raleway-semibold.woff2
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 3cee69d07c93d87ecbb03f206ddb86c9d4ba12638a18ed177de725be2eb8333a

Request headers

Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "3b18-5846594186131"
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15128
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 icomoon.ttf
www.proxysite.com/assets/fonts/ 3 KB
3 KB 215ms
215ms Font
application/font-sfnt 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/fonts/icomoon.ttf?-p3bna1
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 7ffcb15458cc6d82ade6166ddb0788afe839679e06d01368d615e8f2c0c6a5f1

Request headers

Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "a7c-5846594185191"
content-type: application/font-sfnt
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 2684
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 178ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E0) /
Resource Hash: c02444f391e8655e79ff8d7d4cb69c3426c3bffbf8731a994fa23aed0f641d12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 14:25:27 GMT
Content-Encoding: gzip
Age: 659
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=2
Content-Length: 29221
Last-Modified: Wed, 02 Nov 2022 19:43:37 GMT
Server: ECS (frb/67E0)
Etag: "6633f9603c759c40d9b200995454f17c+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 71ms
23ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

eb017893c619e7a0fdd41f2ac5376dbcee56cc6b09e1e7658ce292eec454925a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Dec 2022 14:25:27 GMT
content-md5: eQqH2iU+60exHCWY1LiB6w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: x9XuDKtt78vVuljFVak2G4VtmZVvZZZ1Im2l5HYDYjboGnzE2Uh01p6DB7ZX77Mqj6IzeDePALpDQm4vq9AEhA==
x-fb-trip-id: 917726464
x-fb-content-md5: 1d218e53cbe8016c243a2e1a9b073a90
cross-origin-opener-policy: same-origin-allow-popups
etag: "de62467125e8092839e793e0833e8cf9"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Sun, 11 Dec 2022 14:29:23 GMT

GET
H2 200 raleway-light.woff2
www.proxysite.com/assets/fonts/ 15 KB
15 KB 203ms
203ms Font
application/octet-stream 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/fonts/raleway-light.woff2
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: d3f154bd52d039a8d725c3a790c0887142a2963f09b28c6280e4629ca8521e93

Request headers

Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "3a6c-5846594186131"
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 14956
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H2 200 raleway-bold.woff2
www.proxysite.com/assets/fonts/ 15 KB
15 KB 203ms
203ms Font
application/octet-stream 107.23.216.46
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/fonts/raleway-bold.woff2
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.216.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-216-46.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 724acb468e6daf873120d385f6717f09d84ffb51b33c81cb135597dad94ab4d7

Request headers

Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "3aa0-5846594186131"
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15008
expires: Tue, 10 Jan 2023 14:25:27 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 301 KB
85 KB 49ms
24ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=70cd13fc12fe472be55a8c16e8461da5

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

55d8c858136bb2be340ee5737bc6deea952a62599a4c1d9de65eec49e71d5831

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.proxysite.com/
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Dec 2022 14:25:27 GMT
content-md5: GWAY/B95/3HWcXOfoD2tUA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87000
x-fb-rlafr: 0
x-fb-debug: 9CkpAc2kioQPEyvYoe3N3U5FVzG/VN6KQvnBMoATubPRDukw+UdUiGwrXijNKnO03YZXDGPxWeKG2jM66ICD2A==
x-fb-content-md5: 1a02e2b2ba7d7abfbe5f7206a11be6a6
cross-origin-opener-policy: same-origin-allow-popups
etag: "fbd771c4e3846ced4966f62e8ed8f6a1"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Mon, 11 Dec 2023 11:15:17 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 76ms
21ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 11 Dec 2022 13:15:46 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 4181
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Sun, 11 Dec 2022 15:15:46 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221206/r20190131/ Frame 8682 10 KB
5 KB 73ms
21ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221206/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 58097
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 22:17:10 GMT
etag: 10353107486223812946
expires: Sat, 24 Dec 2022 22:17:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 like.php Show response
www.facebook.com/v2.5/plugins/ Frame 9C74 48 KB
18 KB 272ms
228ms Document
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df26ab71b5ecff8c%26domain%3Dwww.proxysite.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.proxysite.com%252Ff29b9f77836f14c%26relation%3Dparent.parent&container_width=105&href=https%3A%2F%2Fwww.proxysite.com%2F&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&width=80

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=70cd13fc12fe472be55a8c16e8461da5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f4eff5d156d2c257ac7c015552d66bf137f0b65517204d0ddffd5daf963cd156

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Sun, 11 Dec 2022 14:25:27 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v9.0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 56fuFvfEVlvVSrzcitD7qK6DiJsIXZaxhqKWf+G7HFsJb5z7YJgi1A0joFXaCfLKQca+bBDS9/EZuJMknv1K+A==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H/1.1 200
OK widget_iframe.644279d1635fd969e87af94a98bd232b.html Show response
platform.twitter.com/widgets/ Frame 2581 320 KB
104 KB 20ms
20ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fwww.proxysite.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668B) /
Resource Hash: 8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 291160
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105445
Content-Type: text/html; charset=utf-8
Date: Sun, 11 Dec 2022 14:25:27 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:59 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/668B)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211300101/ 356 KB
117 KB 137ms
90ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5271052033776811&plah=www.proxysite.com&bust=31071113

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ccc1c7567bc104604261d962eb6d79329dc403f8faccfd97a80d72dd2924e71a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119778
x-xss-protection: 0
server: cafe
etag: 10755560716459674844
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 14:25:27 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 69ms
27ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1375545885&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proxysite.com%2F&ul=en-us&de=UTF-8&dt=ProxySite.com%20-%20Free%20Web%20Proxy%20Site&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1214312384&gjid=1610548876&cid=671281270.1670768728&tid=UA-45368124-2&_gid=2000957023.1670768728&_r=1&_slc=1&z=1448045198

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proxysite.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proxysite.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 2581 980 B
708 B 179ms
127ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=d2249a8839cb01e050041cef07e918e36d84b3af

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fwww.proxysite.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

0809dce74d140cdb75918db36517dfca9fee927aa704fd47ee48432aee8986b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-response-time: 107
date: Sun, 11 Dec 2022 14:25:27 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Sun, 11 Dec 2022 14:25:27 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 27da986f70de7afe
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: f736aa64181b92ea4f76c55c028dd3f4f7ccbcd3586e1d7a30e62f4f7d933b66
content-length: 386

GET
H/1.1 200
OK button.d2f864f87f544dc0c11d7d712a191c1f.js Show response
platform.twitter.com/js/ 7 KB
3 KB 22ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.d2f864f87f544dc0c11d7d712a191c1f.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E0) /
Resource Hash: 236dca679b9983d1fbea0415d584b17d80f1c6942506fc508a5384db924e8795

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sun, 11 Dec 2022 14:25:27 GMT
Content-Encoding: gzip
Age: 313260
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 2362
Last-Modified: Wed, 02 Nov 2022 19:36:52 GMT
Server: ECS (frb/67E0)
Etag: "7bb2d17ac20be3bd6ec1079356afecd9+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 393 B
700 B 262ms
104ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.proxysite.com&callback=_gfp_s_&client=ca-pub-5271052033776811&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5271052033776811&plah=www.proxysite.com&bust=31071113

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3124f8c3554864904bc2587cdd296da9f581cb26dee63a1fbff8382464115340

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 262ms
105ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.proxysite.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 261ms
104ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.proxysite.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0611 95 KB
32 KB 895ms
778ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=2867599685&adk=3927345067&adf=3573213364&pi=t.ma~as.2867599685&w=990&fwrn=4&fwrnh=100&lmt=1670768727&rafmt=3&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727556&bpp=3&bdt=535&idt=253&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&correlator=2501798545303&frm=20&pv=2&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=KgavVMfs3p&p=https%3A//www.proxysite.com&dtd=274

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

be369447b2ff86e0b119c7ad6d88e3e633edf0f3d5e1cd7f39ba6164a134d306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 33026
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 14:25:28 GMT
expires: Sun, 11 Dec 2022 14:25:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FFDB 95 KB
32 KB 726ms
609ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=4344332884&adk=523175106&adf=1005968846&pi=t.ma~as.4344332884&w=990&fwrn=4&fwrnh=100&lmt=1670768727&rafmt=1&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727559&bpp=1&bdt=538&idt=279&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=702&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=wq8IPrknzr&p=https%3A//www.proxysite.com&dtd=283

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef028dcbc3214c674607e469f6eee67978100c94a963ea1ca7a09fef5dc211e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 33193
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 14:25:28 GMT
expires: Sun, 11 Dec 2022 14:25:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 9C74 299 B
523 B 23ms
21ms Image
image/png 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df26ab71b5ecff8c%26domain%3Dwww.proxysite.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.proxysite.com%252Ff29b9f77836f14c%26relation%3Dparent.parent&container_width=105&href=https%3A%2F%2Fwww.proxysite.com%2F&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&width=80

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-rlafr: 0
x-fb-debug: Zp2GcU+v4gHQBi7cBKhNtWYpayYwoVN+va2BneAGGoYk0V7qwXdgo2qls1ERihiv8+WtH9OmLKALvYNqNF4Peg==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Mon, 11 Dec 2023 07:02:51 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6756 23 KB
10 KB 507ms
391ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&slotname=6803856480&adk=197138127&adf=1497320946&pi=t.ma~as.6803856480&w=728&lmt=1670768727&rafmt=12&format=728x90&url=https%3A%2F%2Fwww.proxysite.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727560&bpp=1&bdt=540&idt=293&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=2948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=79TDpp2lE5&p=https%3A//www.proxysite.com&dtd=296

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd0a588d42e8e6160cf5c6e0d781ca484cbc4476c73859380cae42a8d2468e4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 10278
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 14:25:28 GMT
expires: Sun, 11 Dec 2022 14:25:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5kP4k-SVu2a.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yQ/l/en_US/ Frame 9C74 524 KB
135 KB 221ms
104ms XHR
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yQ/l/en_US/5kP4k-SVu2a.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d5042032c95f97e57f0bc66111c57f1e0674276a75b6f456b46830a34f0acb2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:27 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: Xstm/8zciYqxESDkgcUe8Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137963
x-fb-rlafr: 0
x-fb-debug: ThxJV6oFngGLNPeJqlXx8hiOYugXU0oj76FK1fBqKB6Eo7bhV8+0rbsv4eizR+mpi4gYRD5XQDDrI1/n3dRKbA==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 09 Dec 2023 22:06:30 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5E3E 130 KB
37 KB 824ms
708ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&adk=1812271804&adf=3025194257&lmt=1670768727&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fwww.proxysite.com%2F&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727561&bpp=1&bdt=540&idt=302&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280%2C728x90&nras=1&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=308

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b4cb972f55cbc603ce89fc5f7bc7f674f7d05bbcbbbd2b1e18f41bfe0432b35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 37518
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 14:25:28 GMT
expires: Sun, 11 Dec 2022 14:25:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK tweet_button.644279d1635fd969e87af94a98bd232b.en.html Show response
platform.twitter.com/widgets/ Frame E0A3 37 KB
14 KB 20ms
20ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E0) /
Resource Hash: e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 313260
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13753
Content-Type: text/html; charset=utf-8
Date: Sun, 11 Dec 2022 14:25:27 GMT
Etag: "126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:56 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67E0)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
104 B 199ms
198ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.proxysite.com%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1670768727884%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=d2249a8839cb01e050041cef07e918e36d84b3af

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-response-time: 118
date: Sun, 11 Dec 2022 14:25:27 GMT
strict-transport-security: max-age=631138519
last-modified: Sun, 11 Dec 2022 14:25:27 GMT
server: tsa_o
vary: Origin
content-type: image/gif
x-transaction-id: 7e7d104b5c31d635
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: f736aa64181b92ea4f76c55c028dd3f4f7ccbcd3586e1d7a30e62f4f7d933b66
content-length: 43

GET
DATA 200
OK truncated
/ Frame E0A3 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6756 42 B
63 B 165ms
165ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CurrFEU32AF7uPTqk9qqBrQrzZdMaHdY8p1RQ0MHdcWAQqKlONzpuW_5mjt-JFN_-dWNA5xRl-A9CeB-k6REXzuXrIAJebm_U6OW8EFNI4lMtCHcY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&slotname=6803856480&adk=197138127&adf=1497320946&pi=t.ma~as.6803856480&w=728&lmt=1670768727&rafmt=12&format=728x90&url=https%3A%2F%2Fwww.proxysite.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727560&bpp=1&bdt=540&idt=293&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=2948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=79TDpp2lE5&p=https%3A//www.proxysite.com&dtd=296

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 6756 3 KB
1 KB 94ms
27ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 08:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20617
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 08:41:51 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 6756 18 KB
8 KB 87ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8099
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6756 153 KB
47 KB 100ms
51ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 14:25:28 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 6756 23 KB
9 KB 89ms
23ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8099
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5094 624 B
246 B 57ms
57ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhiIj8zIATAB&v=APEucNUBXUwGmmoBpOOx-Uvg7w1un1rH9cUzqw9hs_osvB8L9WDM3eCAKa4FaxxZhdpBXV8lT012C96UvbNFzR-beD1TQxpLEsBRskO2p00nzNXk34ua0GwLt5t7267baodVUjRukFI_Dq4Orvev6pdHetKgVC9W4t25n35O-OSFBcWVUZc5Yko

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&slotname=6803856480&adk=197138127&adf=1497320946&pi=t.ma~as.6803856480&w=728&lmt=1670768727&rafmt=12&format=728x90&url=https%3A%2F%2Fwww.proxysite.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727560&bpp=1&bdt=540&idt=293&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=2948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=79TDpp2lE5&p=https%3A//www.proxysite.com&dtd=296
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 14:25:28 GMT
expires: Sun, 11 Dec 2022 14:25:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6756 67 KB
32 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-COrgg3TeXIwSFUEbHwwGsE0vMe84HagR4pELsOzCU5cTzLEdBK45a2ujIPW8D9Qw0w_6EyQaR-014QaFiNkxwdiKIpyw&cry=1&dbm_d=AKAmf-AUc3xfiM7l0WwcNH8qlok1rXOHE4DvZvOxDJq2blDJjopBcSQZuXzZqTDMVqfYY-Ia47qNbBm6fnHyMMv2bUMA1YJctmb15ZTsuUlIe7_whqmVYJi9mNo6cKv4YftEQcxs4IQZxC813dE3bW0hOpmh42wFJaUb4GQi7auMiv8Nhf38UqX5oQbssNL0SvrVUNO1lXeyN1w_9FqNcJVoa4hz33joUNmIgiEzkqR6JxaRXQ3zKQTii6Ymvt8OlSaR37rwgLnScKQ2zdwRMwfDr9-5VBj8CYofAy3X_Bp1tfGxgS9Fg2ZkWy6J3R7lu3nvb1Y4U81IBo_kVsOwmBEUxktleLgo9L2rRkWhK68GTpnTxRvxui1teQLiZ5--kA7tbSysiJOaUJLyrb1AoPHHiUPQCc0Wmf2J1SRANx30Aowm2YP_qRL6nNtyYg5Pd7tCo7VKTvA6EGShgRWFZ9O0UM-ND3czOg7ErtnfHTXioY7b-e6JF5FZjgTbaYGPcaNDa_zInAwq_eYvVbtFg_sWBr_Wq2DaGVvkBJyO38QOc1K9zfLOYPp8WK3jnOhFoZPo_I0xf4cnY3oW7iyrRfr0wMbQiWc1VSJmyqfEF360EUKbDwPD3q9PmwDn1YywlPcMdnWiyleLj2nEaTSaj00fvNI639jouR9umHmC8tLh6GY2x_rKX-MzjOsp45hNkDnlUmpUcQ_iXuuUazb-f9R4AWKYeS5GwAn_ogFhroOzudHAr7fuuF6UjVo1oXzKOlg6hi_ZYHIM8Vqz4C8M8aE-yq1CLDj_HXAgcbcXH8CcKiq4l9PFUTfzoEw_iVyp24NuFobQ_D2ux49iSzgs9kbjHYvcvZbO9Gz2S5fkDooLjaifEJO-Gc3k1HmlOFG4YEfDbE4Lz69IjfFQZ1wp5iSf0BGUv-1UrhvupUq2cRStMtoZ6vM5vM79_pmfalYLQwf-oVBsdEd3mD74NetHToyltommhsbdefGaEcVVFk4eD2jW0xZZMdnhvwzuWehilA9OFr_ubkKZ37g22tO1wHewpASVJ2MRTftThrs5CoVV1L7T8xOy0N_52udgP3gJaD6xmpgMhIWtDPzVp7boCtztlMOFOWlLZ1xvixSBnx9SEYr1abXD0NOBiElzJY1FRqS9a6hy7bVvXchWHEwx2QpyNXl_l1sL0n6HBun9G8xpbENuRfAw7aW_ZvivvaxFlXXf4WV5F7uUPq9OK-ghhVwYLxR_1NKt-4jK9vI-ZTFwqhtnxR2MagQpJNwwejKL3HohICAdtSgDxwEoOu9d7LN1penqrvIFoxmHxJRW2UW91opZHrHievQ2PDEH4RJij_ecy47k09OhopE-JxW8WEy1euxKXpHg4nPEsxwBatdG9fnYFyCj6gVXsirYGYQPevhUMQN9qTivuxEi3oux9R34H9UKYQ0PwnWosmkoRevx4djtxJk7rsifV1LfHe-4iy2jixELROJe9n-H8hjgCNE8DlNcs_npymrnL0F1CKsXjcYkWz02xWGTOQ58TxVhaTdClfiwKj7sDAG5jsIzYIQXeFF6_8ZP0Paz3_pZSUt-KbgLuExiPyP0Fd93IRBmKmrg9WTyP14RqBLXRgWJAy_qzaKCJXHiR3IrOu1HPwBSO2zrLHEcokCjTC14ojuCX3zt-OnOj1j14MOyxMVKbrvGBi4MFivNMUao6j31-9vdJCLD6FEgAnPqfvasWO-6TGIHUm3T1HNcngAR3SUhJ_9jRRBub1UnouxNbHzenprzrYsHfvjiwa6evijLJKXQ-_Ps6-EfQXFKw_4jWLVGD0ztBrl9UoIiC71H6cRdO1A32M7SDJ_w992In4QLh_pZAAZ9zEjm0IVTdNgYRlaw0Fi3JWGuq3Rro65asTvZvtilueVrDp0IRv4r5i4zjZUiKufzabtLFSXvN5v-lAiouZzuIYEwK_1We54P0tLZJtOtcjE2SM4eRrMPoWVoVnk_HTmNDt_ruDMmrC7tHIAT0s4CL8Cw_twhwfreriMC_RgbZXLzAYj3w67VeOuNh-gym7skD_S8F3-pGdqYtC74mI95nOanMyNHh2PjCCXPaf2qK4WYufhOQcZu7Sw3b6zI9Sg7yz56Uq58ngbyAs-IaqwvbjbVSnC9n2LeBpR4mLE1-aEfsB0Uy1haDUaeIg7-vHgBOdGfaDgbB8vUq-HMqBBpv9oBo0hgVeIqfWOY05zPDQEe1hVuihl1Gue94fbh4Gy6bwVmCaI-aOd9AhZy_7W6NfqpMW2JxEJ3B2a6-oLPjUBtK34jsXxtQJ7jt8ndRVeslw3CwFg8eN3WMMNVAZzBplLgizTBzwGFfcbFdT0rvWuLFI268wG9Dbem4b2D5pqwBQeaumlliV9dpVLtP6JzzyzcTPdU35hXpu75HxY0QwcSc02oDedaNiivz3s2Gd0eVCVwOHWj1-jfO7cJjdF5IALvIMTdzOMGWjfL3m8pgu1_ZYTRQ16gh96Dv5ft7SuSNE3Ij5co1eoeeBRcAW65z97DvBw5V108VRQSv7BnIdmZuK9BLewcGDAMFlEnhPemanQsyFfFoWQtfZiuOv_gNLK9_oeMbG8cSBkolVFB9jlwmrHt6Vqd6mtl9b56-bLJYRfwFAsTDrH3xn1r-HsXK83FG6Ke-xrii8T634y5M_78_NEhKEbLJx2AcuWU_AEhTr4E9JtiLdGwKSqM3jfcqpNKWJ8fR8vDkVKl4ZR4CQD9RBlERXFwRgArwfWCNFMo4FT9bA2Xcqk4TNSLgVkjuvQVCAWZyTtRXl5Ay7AgSW0UFBgV2huFqSn1fSSxPykR00WQrj-E9-QPVjTmT_BHiYB1H-221KVSMccd8HWJ9b8b99OhXWlERIQYNxDFVToZ5sPiyx1_Guz0Y9rqZxsu70SaXiXOcsNl1Svrc_f1ZsDJ4LoJSYZe6S7ayPg39okK-QSEhe7keGx3_iJe4qZJuFV25PdqbqxdFszvc09vi8crDdQPqZAK8238AbCmSDMDi0O7WsIKpH1fHSoEduRbfzngbvCEKc-D4_3XsnwXpZCoT982lVkVIMl13vqAzFHWs4C5hrCY8gbqoxwzTnzbykkWlmhiNdyZtXvL-Nc9ZFJVMoTJdjvYf1Z7ptxUQzUtK-LaxSqGwjAblZpCAQ0udKxtOb7PBw&cid=CAQSGwDq26N9DMl1EEjBYaKMZowsridoTov0QNRFehgBIBM&rfl=1%2Chttps%253A%252F%252Fwww.proxysite.com%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24c0b35e55ea0b3943ac09f528678664df90fa96bc337f0580ec4e5f639b7d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&slotname=6803856480&adk=197138127&adf=1497320946&pi=t.ma~as.6803856480&w=728&lmt=1670768727&rafmt=12&format=728x90&url=https%3A%2F%2Fwww.proxysite.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727560&bpp=1&bdt=540&idt=293&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=2948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=79TDpp2lE5&p=https%3A//www.proxysite.com&dtd=296
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32947
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5094
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcJwHQmRuXwSwcbB6zg_8E&google_cver=1

43 B
766 B

40ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcJwHQmRuXwSwcbB6zg_8E&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhiIj8zIATAB&v=APEucNUBXUwGmmoBpOOx-Uvg7w1un1rH9cUzqw9hs_osvB8L9WDM3eCAKa4FaxxZhdpBXV8lT012C96UvbNFzR-beD1TQxpLEsBRskO2p00nzNXk34ua0GwLt5t7267baodVUjRukFI_Dq4Orvev6pdHetKgVC9W4t25n35O-OSFBcWVUZc5Yko
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 14:25:28 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcJwHQmRuXwSwcbB6zg_8E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5094
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5XoWK2wOEvh.w0FiCTXlQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1&google_hm=2

43 B
766 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhiIj8zIATAB&v=APEucNUBXUwGmmoBpOOx-Uvg7w1un1rH9cUzqw9hs_osvB8L9WDM3eCAKa4FaxxZhdpBXV8lT012C96UvbNFzR-beD1TQxpLEsBRskO2p00nzNXk34ua0GwLt5t7267baodVUjRukFI_Dq4Orvev6pdHetKgVC9W4t25n35O-OSFBcWVUZc5Yko
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 14:25:28 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 5094
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHi2MqJPznOmqUGLijKNckI&google_cver=1

43 B
1018 B

28ms
27ms

Image
image/gif

185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHi2MqJPznOmqUGLijKNckI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhiIj8zIATAB&v=APEucNUBXUwGmmoBpOOx-Uvg7w1un1rH9cUzqw9hs_osvB8L9WDM3eCAKa4FaxxZhdpBXV8lT012C96UvbNFzR-beD1TQxpLEsBRskO2p00nzNXk34ua0GwLt5t7267baodVUjRukFI_Dq4Orvev6pdHetKgVC9W4t25n35O-OSFBcWVUZc5Yko

Protocol

HTTP/1.1

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 14:25:28 GMT
AN-X-Request-Uuid: 44955116-0d74-42a2-bb8b-120566bca5c1
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.29; 217.114.218.29; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHi2MqJPznOmqUGLijKNckI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5094
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D

170 B
188 B

35ms
33ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 14:25:28 GMT
AN-X-Request-Uuid: 56cbe431-e243-4999-8f59-3e92ee7a8e50
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D
Connection: keep-alive
X-Proxy-Origin: 217.114.218.29; 217.114.218.29; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 6756 30 KB
11 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-COrgg3TeXIwSFUEbHwwGsE0vMe84HagR4pELsOzCU5cTzLEdBK45a2ujIPW8D9Qw0w_6EyQaR-014QaFiNkxwdiKIpyw&cry=1&dbm_d=AKAmf-AUc3xfiM7l0WwcNH8qlok1rXOHE4DvZvOxDJq2blDJjopBcSQZuXzZqTDMVqfYY-Ia47qNbBm6fnHyMMv2bUMA1YJctmb15ZTsuUlIe7_whqmVYJi9mNo6cKv4YftEQcxs4IQZxC813dE3bW0hOpmh42wFJaUb4GQi7auMiv8Nhf38UqX5oQbssNL0SvrVUNO1lXeyN1w_9FqNcJVoa4hz33joUNmIgiEzkqR6JxaRXQ3zKQTii6Ymvt8OlSaR37rwgLnScKQ2zdwRMwfDr9-5VBj8CYofAy3X_Bp1tfGxgS9Fg2ZkWy6J3R7lu3nvb1Y4U81IBo_kVsOwmBEUxktleLgo9L2rRkWhK68GTpnTxRvxui1teQLiZ5--kA7tbSysiJOaUJLyrb1AoPHHiUPQCc0Wmf2J1SRANx30Aowm2YP_qRL6nNtyYg5Pd7tCo7VKTvA6EGShgRWFZ9O0UM-ND3czOg7ErtnfHTXioY7b-e6JF5FZjgTbaYGPcaNDa_zInAwq_eYvVbtFg_sWBr_Wq2DaGVvkBJyO38QOc1K9zfLOYPp8WK3jnOhFoZPo_I0xf4cnY3oW7iyrRfr0wMbQiWc1VSJmyqfEF360EUKbDwPD3q9PmwDn1YywlPcMdnWiyleLj2nEaTSaj00fvNI639jouR9umHmC8tLh6GY2x_rKX-MzjOsp45hNkDnlUmpUcQ_iXuuUazb-f9R4AWKYeS5GwAn_ogFhroOzudHAr7fuuF6UjVo1oXzKOlg6hi_ZYHIM8Vqz4C8M8aE-yq1CLDj_HXAgcbcXH8CcKiq4l9PFUTfzoEw_iVyp24NuFobQ_D2ux49iSzgs9kbjHYvcvZbO9Gz2S5fkDooLjaifEJO-Gc3k1HmlOFG4YEfDbE4Lz69IjfFQZ1wp5iSf0BGUv-1UrhvupUq2cRStMtoZ6vM5vM79_pmfalYLQwf-oVBsdEd3mD74NetHToyltommhsbdefGaEcVVFk4eD2jW0xZZMdnhvwzuWehilA9OFr_ubkKZ37g22tO1wHewpASVJ2MRTftThrs5CoVV1L7T8xOy0N_52udgP3gJaD6xmpgMhIWtDPzVp7boCtztlMOFOWlLZ1xvixSBnx9SEYr1abXD0NOBiElzJY1FRqS9a6hy7bVvXchWHEwx2QpyNXl_l1sL0n6HBun9G8xpbENuRfAw7aW_ZvivvaxFlXXf4WV5F7uUPq9OK-ghhVwYLxR_1NKt-4jK9vI-ZTFwqhtnxR2MagQpJNwwejKL3HohICAdtSgDxwEoOu9d7LN1penqrvIFoxmHxJRW2UW91opZHrHievQ2PDEH4RJij_ecy47k09OhopE-JxW8WEy1euxKXpHg4nPEsxwBatdG9fnYFyCj6gVXsirYGYQPevhUMQN9qTivuxEi3oux9R34H9UKYQ0PwnWosmkoRevx4djtxJk7rsifV1LfHe-4iy2jixELROJe9n-H8hjgCNE8DlNcs_npymrnL0F1CKsXjcYkWz02xWGTOQ58TxVhaTdClfiwKj7sDAG5jsIzYIQXeFF6_8ZP0Paz3_pZSUt-KbgLuExiPyP0Fd93IRBmKmrg9WTyP14RqBLXRgWJAy_qzaKCJXHiR3IrOu1HPwBSO2zrLHEcokCjTC14ojuCX3zt-OnOj1j14MOyxMVKbrvGBi4MFivNMUao6j31-9vdJCLD6FEgAnPqfvasWO-6TGIHUm3T1HNcngAR3SUhJ_9jRRBub1UnouxNbHzenprzrYsHfvjiwa6evijLJKXQ-_Ps6-EfQXFKw_4jWLVGD0ztBrl9UoIiC71H6cRdO1A32M7SDJ_w992In4QLh_pZAAZ9zEjm0IVTdNgYRlaw0Fi3JWGuq3Rro65asTvZvtilueVrDp0IRv4r5i4zjZUiKufzabtLFSXvN5v-lAiouZzuIYEwK_1We54P0tLZJtOtcjE2SM4eRrMPoWVoVnk_HTmNDt_ruDMmrC7tHIAT0s4CL8Cw_twhwfreriMC_RgbZXLzAYj3w67VeOuNh-gym7skD_S8F3-pGdqYtC74mI95nOanMyNHh2PjCCXPaf2qK4WYufhOQcZu7Sw3b6zI9Sg7yz56Uq58ngbyAs-IaqwvbjbVSnC9n2LeBpR4mLE1-aEfsB0Uy1haDUaeIg7-vHgBOdGfaDgbB8vUq-HMqBBpv9oBo0hgVeIqfWOY05zPDQEe1hVuihl1Gue94fbh4Gy6bwVmCaI-aOd9AhZy_7W6NfqpMW2JxEJ3B2a6-oLPjUBtK34jsXxtQJ7jt8ndRVeslw3CwFg8eN3WMMNVAZzBplLgizTBzwGFfcbFdT0rvWuLFI268wG9Dbem4b2D5pqwBQeaumlliV9dpVLtP6JzzyzcTPdU35hXpu75HxY0QwcSc02oDedaNiivz3s2Gd0eVCVwOHWj1-jfO7cJjdF5IALvIMTdzOMGWjfL3m8pgu1_ZYTRQ16gh96Dv5ft7SuSNE3Ij5co1eoeeBRcAW65z97DvBw5V108VRQSv7BnIdmZuK9BLewcGDAMFlEnhPemanQsyFfFoWQtfZiuOv_gNLK9_oeMbG8cSBkolVFB9jlwmrHt6Vqd6mtl9b56-bLJYRfwFAsTDrH3xn1r-HsXK83FG6Ke-xrii8T634y5M_78_NEhKEbLJx2AcuWU_AEhTr4E9JtiLdGwKSqM3jfcqpNKWJ8fR8vDkVKl4ZR4CQD9RBlERXFwRgArwfWCNFMo4FT9bA2Xcqk4TNSLgVkjuvQVCAWZyTtRXl5Ay7AgSW0UFBgV2huFqSn1fSSxPykR00WQrj-E9-QPVjTmT_BHiYB1H-221KVSMccd8HWJ9b8b99OhXWlERIQYNxDFVToZ5sPiyx1_Guz0Y9rqZxsu70SaXiXOcsNl1Svrc_f1ZsDJ4LoJSYZe6S7ayPg39okK-QSEhe7keGx3_iJe4qZJuFV25PdqbqxdFszvc09vi8crDdQPqZAK8238AbCmSDMDi0O7WsIKpH1fHSoEduRbfzngbvCEKc-D4_3XsnwXpZCoT982lVkVIMl13vqAzFHWs4C5hrCY8gbqoxwzTnzbykkWlmhiNdyZtXvL-Nc9ZFJVMoTJdjvYf1Z7ptxUQzUtK-LaxSqGwjAblZpCAQ0udKxtOb7PBw&cid=CAQSGwDq26N9DMl1EEjBYaKMZowsridoTov0QNRFehgBIBM&rfl=1%2Chttps%253A%252F%252Fwww.proxysite.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 15:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82037
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 15:38:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame 6756 8 KB
3 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 18:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72906
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 18:10:22 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6756 0
0 139ms
66ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssmPCBJ-sxE3hOZJ5eQQyPmuaRp8XL1mbeiZ23-8tEsc7tC1HEZ1sIg4ZWrxvcy_wfKThb95qEQvZU3kEllleSHAupfEQaxwzNRHJdOXMkibxIWI4a_9cj55i0LUNM4iuQ2uZP6wv0XHU_5foaX55t9wQw-vQKbOlGt39DQCeVxbL9sn_0iOHj_w_RLcH4EXJoDcGtgPD2X01WL354nxFyMbxft_m_iBMzOm6cQi5uwXmg8PwslZRCFyRhCgdzOPe1Oxp0ne_yiZYhq19zH3EOIo6epbFe5fvMihSzTtcjjtOi-AL--ekKOWiq6EgS7-U44fVeOQMc7YQqSFMscwXqqcv2C_VymkxMuttcz-TgTMoCGexbdR_9bzkoeJiruMsagIAW72CyYgcDb6QBazRb83Imv64qxCLhrwuaJzbVQCj6iBM5tGmX2frY6jf2ZzzBwKN_S3rKzqXNxVXLv1wy7wWpgthUgpe0NB2W9YBtDoJM0y5SNrsxSgUD424TgRIUaGw5YN1-N5As5imu5R0Na0JA3hie98iPtxgP9bJtpOz0F65IbtFqB_YJQuMIRc0tsqMRmbUGduYqJfVMWoB2B0DaWJBVplBvq1Ahc3T8bPRpX1UVcDKlEUaymr79nY3ofzoBjvoEb0qnE5t1GOkqfiKgILbIJkR6K5uVt2WJz0VcmR6mOr0fdK-KRnWatn1CuMxV5GXKCpBQbVUZacijYDvH-Nr3_AbgOMNLWZEBe9fnkOqdXEVZmOYOJV-CZMNweQpTcez8UAghW7MoOc8Qq_aUO3Z6cUyyZ_s-ty7qwVtXWZMFKSqbEsHwVrMGBNpiYb4xKNkxhawfZpY0mkQ8U53FtwoF_QlHydfo_POELezU4tJwhGEdg6l4Yx8q2hgS8B4RqnR3J-HtzIh35iUP5K8rn0ylG8-OoSXlPPYEQDzU8ROVHsIiLM7TRFkBl_L0-IGw5EKFF1w6HR576z6_M6T0FG0XoJGDJSrh3dnXqYZc_V9ofbnywnNISNBws0m_w2ge7B6UVnKPsI6w9-T5bNsKNx4SIdZ-i7CyAYQTwt15nu7diAYPLHFXeS0gfBCrehT-Mg7RJs2HRGkGXteomSh2hX-iTc6lMQ7c8FA-J5y18bUrZiEf_cTEiHnu5iAu5Wx2bLGSYGcimd7Qfxd5_0vsI0DHDU0dnUkaqzuJsfKFioB4eObYCwxR7FCYzFFpU_FQLCmL-zYEcr4RdZvjPQ8FTrcQQbV2k_-39n4aHx-h3nus&sai=AMfl-YQh0HYNteyCyjc-tAmZJoGKqqPlHUB3KuE9cRyTzUBZSCBODobrh5BlcFJrZ0BS2iKphrXEbmIRSpDEVe8ldNG_e7yJxQGMYJ6zfFBWoQ0tTsTyfUZbD6cwRvTvItDDZUur211iR48YAyNHn80t1kHLA50LG7bHxJgon2y1m7VCSSJhd4E00CDVTpgXiKd8IENH58dShaVu9_UPsg&sig=Cg0ArKJSzK_ReAOaQjAAEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221206.54927&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 14:25:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 14:25:28 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6756 41 KB
15 KB 68ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 07:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 199143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 07:06:25 GMT

GET
H2 200 3224642712769903581
s0.2mdn.net/simgad/ Frame 6756 22 KB
23 KB 88ms
22ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/3224642712769903581

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82a6d26513f870f1310630d34c6022c40c132836db8f66e39d01e681eebf9e75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 05:18:28 GMT
x-content-type-options: nosniff
age: 464820
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22956
x-xss-protection: 0
last-modified: Fri, 14 Oct 2022 10:17:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Dec 2023 05:18:28 GMT

GET
DATA 200
OK truncated
/ Frame 6756 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11fa6b5a669c5ce3c47f4b4163de4630ad546255a544643a5822ef0bc71a1417

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D353 22 KB
8 KB 22ms
21ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 66014
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 20:05:14 GMT
expires: Sun, 10 Dec 2023 20:05:14 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6756 0
0 59ms
59ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssmPCBJ-sxE3hOZJ5eQQyPmuaRp8XL1mbeiZ23-8tEsc7tC1HEZ1sIg4ZWrxvcy_wfKThb95qEQvZU3kEllleSHAupfEQaxwzNRHJdOXMkibxIWI4a_9cj55i0LUNM4iuQ2uZP6wv0XHU_5foaX55t9wQw-vQKbOlGt39DQCeVxbL9sn_0iOHj_w_RLcH4EXJoDcGtgPD2X01WL354nxFyMbxft_m_iBMzOm6cQi5uwXmg8PwslZRCFyRhCgdzOPe1Oxp0ne_yiZYhq19zH3EOIo6epbFe5fvMihSzTtcjjtOi-AL--ekKOWiq6EgS7-U44fVeOQMc7YQqSFMscwXqqcv2C_VymkxMuttcz-TgTMoCGexbdR_9bzkoeJiruMsagIAW72CyYgcDb6QBazRb83Imv64qxCLhrwuaJzbVQCj6iBM5tGmX2frY6jf2ZzzBwKN_S3rKzqXNxVXLv1wy7wWpgthUgpe0NB2W9YBtDoJM0y5SNrsxSgUD424TgRIUaGw5YN1-N5As5imu5R0Na0JA3hie98iPtxgP9bJtpOz0F65IbtFqB_YJQuMIRc0tsqMRmbUGduYqJfVMWoB2B0DaWJBVplBvq1Ahc3T8bPRpX1UVcDKlEUaymr79nY3ofzoBjvoEb0qnE5t1GOkqfiKgILbIJkR6K5uVt2WJz0VcmR6mOr0fdK-KRnWatn1CuMxV5GXKCpBQbVUZacijYDvH-Nr3_AbgOMNLWZEBe9fnkOqdXEVZmOYOJV-CZMNweQpTcez8UAghW7MoOc8Qq_aUO3Z6cUyyZ_s-ty7qwVtXWZMFKSqbEsHwVrMGBNpiYb4xKNkxhawfZpY0mkQ8U53FtwoF_QlHydfo_POELezU4tJwhGEdg6l4Yx8q2hgS8B4RqnR3J-HtzIh35iUP5K8rn0ylG8-OoSXlPPYEQDzU8ROVHsIiLM7TRFkBl_L0-IGw5EKFF1w6HR576z6_M6T0FG0XoJGDJSrh3dnXqYZc_V9ofbnywnNISNBws0m_w2ge7B6UVnKPsI6w9-T5bNsKNx4SIdZ-i7CyAYQTwt15nu7diAYPLHFXeS0gfBCrehT-Mg7RJs2HRGkGXteomSh2hX-iTc6lMQ7c8FA-J5y18bUrZiEf_cTEiHnu5iAu5Wx2bLGSYGcimd7Qfxd5_0vsI0DHDU0dnUkaqzuJsfKFioB4eObYCwxR7FCYzFFpU_FQLCmL-zYEcr4RdZvjPQ8FTrcQQbV2k_-39n4aHx-h3nus&sai=AMfl-YQh0HYNteyCyjc-tAmZJoGKqqPlHUB3KuE9cRyTzUBZSCBODobrh5BlcFJrZ0BS2iKphrXEbmIRSpDEVe8ldNG_e7yJxQGMYJ6zfFBWoQ0tTsTyfUZbD6cwRvTvItDDZUur211iR48YAyNHn80t1kHLA50LG7bHxJgon2y1m7VCSSJhd4E00CDVTpgXiKd8IENH58dShaVu9_UPsg&sig=Cg0ArKJSzK_ReAOaQjAAEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=121&vt=11&dtpt=120&dett=2&cstd=0&cisv=r20221206.54927&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 14:25:28 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame FFDB 8 KB
1 KB 80ms
29ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=4344332884&adk=523175106&adf=1005968846&pi=t.ma~as.4344332884&w=990&fwrn=4&fwrnh=100&lmt=1670768727&rafmt=1&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727559&bpp=1&bdt=538&idt=279&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=702&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=wq8IPrknzr&p=https%3A//www.proxysite.com&dtd=283

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 14:25:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 13:02:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 14:25:28 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame FFDB 2 KB
765 B 23ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8099
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame FFDB 23 KB
9 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8099
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame FFDB 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 08:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20617
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 08:41:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame FFDB 18 KB
7 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8099
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FFDB 153 KB
47 KB 208ms
164ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 14:25:28 GMT

GET
H2 200 5abbe811e7745ada511aeaa994a13f9f.js Show response
www.gstatic.com/mysidia/ Frame FFDB 34 KB
14 KB 71ms
21ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:34:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492648
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 20:45:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 21:34:40 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame FFDB 0
0 63ms
63ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CmjbDWOiVY9DmB-6W78EPgsawsAvJ5q7AbYfcpeyTEfar8oz4NRABIIHzkylglYKAgKAHoAHnp5jfAsgBCakCmpJZifmusT6oAwHIA8sEqgTIAU_Qcu6u3PXKzNNna5H4CiT7D5L6MwY7_II7ZFIADz9owFmI3D2EjeYeHzW7byQHfsL0qIxqNJcvNpy-RUJVkKKldE5bHN9S_xY6yLEsRqQNCceJb61gn9O39zIeFDlkIrzekIFzTgN0u2H3QAwDUDVD0-sXcfObptkC9SAOZUqHrrvtUAid9Cc8hNFP2qtb8FiHwYTPfV7tvG0TgyuHOC2C5SsEqkLwxUCs9oI95dnkjKp2OOTziGFIG-lqELrDlumLgZfspWWmwASgoJCv3gOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHgdjnoAGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCPpQfSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi01MjcxMDUyMDMzNzc2ODExGAA&sigh=AwOS9nKeY_0&uach_m=[UACH]&cid=CAQSGwDq26N9Y-UDP1r_jAVKQj_fuEOBG8y0PbpT8BgBIBM&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=4344332884&adk=523175106&adf=1005968846&pi=t.ma~as.4344332884&w=990&fwrn=4&fwrnh=100&lmt=1670768727&rafmt=1&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727559&bpp=1&bdt=538&idt=279&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=702&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=wq8IPrknzr&p=https%3A//www.proxysite.com&dtd=283
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 14:25:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame D353 36 KB
16 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73894
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16219658952005295331/ Frame FFDB 25 KB
25 KB 23ms
21ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16219658952005295331/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96ea283c1c37c5d7d4177bb32764f2873c8c9ef60923b637091f7afb1eac94ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 16:32:47 GMT
x-content-type-options: nosniff
age: 510761
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25091
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 14:53:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 05 Dec 2023 16:32:47 GMT

GET
DATA 200
OK truncated
/ Frame FFDB 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame FFDB 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame FFDB 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8a5c0c0b910e6d77f4260b98845217689efab91be77ed67e92fcb9e4d26608da

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211300101/ 150 KB
51 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211300101/reactive_library_fy2021.js?bust=31071113

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cfab7aa5fe1178e68f2e2d3b59d13fd3c77cdb506d5355af36d69ff8400d6168

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52351
x-xss-protection: 0
server: cafe
etag: 5518612134426012168
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 14:25:28 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 165ms
165ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pm&rt=1&c=ca-pub-5271052033776811&eid=44759876%2C44759927%2C44759842%2C31071113

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 75ms
31ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.proxysite.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 74ms
30ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.proxysite.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D4F9 87 KB
32 KB 492ms
487ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&adk=3625593270&adf=3099719705&pi=t.aa~a.4226026281~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0&nras=2&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=pnTJhgzjWp&p=https%3A//www.proxysite.com&dtd=5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4efefe655420ba24822b4211332377fce95be90c0c4748e5053804407df93c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 32413
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 14:25:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D809 30 KB
11 KB 420ms
416ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1e51a750ffe5d313e47183fb9ab52edfc90a6f72dabb017e600303900673c85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 11213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 14:25:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CB19 85 KB
32 KB 508ms
504ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=60&adk=2093842954&adf=3560341080&pi=t.aa~a.4080220755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x60&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=0&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280%2C1200x90&nras=4&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2738&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=PpFExOjB2A&p=https%3A//www.proxysite.com&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

22d52950042f336fa4fb44060b0591eba74da449d2442ffdb347c6a0a92df98a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 32373
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 14:25:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 164ms
164ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=3&wpc=ca-pub-5271052033776811&warn=13&w=1600&h=1200&pp=0&ppp=0&eatf=false&eatfAbg=false&reatf=true&a=6%2C1%2C5%2C7&apv=20221207_093944&sat=1670765253753&afm=0&as_count=3&d_count=0&ng_count=0&am_count=3&atf_count=2&mdns=0.174&alldns=0.288&allp=34&fd=(0%2C26%2C9)%2C(2%2C0%2C0)&pgh=3744&abl=false&rr=n&su=www.proxysite.com&pvc=3484705495856268&r=0.1&eid=44759876%2C44759927%2C44759842%2C31071113

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D353 0
20 B 171ms
171ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BzMwfWOiVY7fBH-On9u8P8vOJMAAAAAA4AeAEAg&bg=!jI-lj8vNAAYgquz3AKo7ACkAdvg8WgI21Uo5AYKfnf_Zg1S3d9A98kevj0c2nIROOADEYXdHKdkp8gIAAACCUgAAAAZoAQeZAtVvzqtmaFEPQk-dVjG_2QDVRlKuB2v9yziur8beF2QzQnF814HNLeUl7gdhJPxTq46ZJNjjkOYGaaDosaVxUC935I2MaYaDAWZK7yQm3oyev7d4WdjymmOcp_LS0Jb0I9oa9OY6f16PPmZQsqCueIPKokDWddlLyZEc_jVz3Gg-dlJFj7PmW7AUSzFIYdNo3S7DFZX_g0b9ih-H8aq7bnHxbZuURMYMfW8jV5jrUhj7psqR589B-u1r6q4jOxPlVCl3tnR-7mwlXLNEPOe3C33y78W-qkieV_ZUhGSFYMtuVQGrLayqRoAPj2JuU_o_VL2Eguc7G_lUKRFdAUn5XKrlbwqcqziOW8NudpURZCuBaFE-Yq9rrBFDxoZPjWr48acAdLjpLkGBXcQbi7O7J7HBBK8QhLAzVTutBP36LZTgwaZBS9ngYLAoU1Fk7iOljuBMD8E7_9NXjajn1Hsfi4axBZThRnm3Ilq-DcIhTqMdDnNWm9gVthoLqec1NUioS8eFu3lvB4pK-t9WlSP35RIhogVBm33fLTSy-0hzefR1AJCz_dwVjKuLy8s5NsCevRoYLEL5bsG6WsdU7O075sK03ANsWDlNKdSD8S8YkVU_E03G-07kg3wZy4pcN_eazHPxsjr81Ob40ybVRen_8BAntuRTC1zUx2li44nEpiDDN8ekUKCnwD6hlUdW1DyRRHAlm-lfctkQxH17rqL5KfUpyN-4TO6QjB9A0v4QLvAomlMpPJnJSiFgkv8b3EXS9Kvwos9OnLPIszUxFI4eaVQFA7ALwIvDr9HFWDwPxCeX55yYRMJa0oANgP849334mueE9ECqbfQhDrykOjwADDICb4ViMO4yHoOQfF9euFjKdRWUdt03GtPXybJr2cOC5lsGrgJnjmOLOuV_Pg-4HCf8aaVwxW4OkI1wtz9Rm0sYqCusEbSl_4u-6qws2S9dE_MO8QP3yQ

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0611 8 KB
895 B 72ms
30ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=2867599685&adk=3927345067&adf=3573213364&pi=t.ma~as.2867599685&w=990&fwrn=4&fwrnh=100&lmt=1670768727&rafmt=3&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727556&bpp=3&bdt=535&idt=253&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&correlator=2501798545303&frm=20&pv=2&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=KgavVMfs3p&p=https%3A//www.proxysite.com&dtd=274

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 12:50:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 14:25:29 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 0611 2 KB
765 B 21ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8099
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 0611 23 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8099
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 0611 3 KB
1 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 08:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20617
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 08:41:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 0611 18 KB
7 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8099
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0611 153 KB
47 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 14:25:28 GMT

GET
H3 200 5abbe811e7745ada511aeaa994a13f9f.js Show response
www.gstatic.com/mysidia/ Frame 0611 34 KB
14 KB 63ms
21ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:34:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 20:45:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 21:34:40 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame FFDB 28 KB
28 KB 78ms
21ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:03:51 GMT
x-content-type-options: nosniff
age: 364898
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 09:03:51 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0611 0
0 65ms
65ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Ccb8mWOiVY4n4B4m26wS9kprgDsnmrsBth9yl7JMR9qvyjPg1EAEggfOTKWCVgoCAoAegAeenmN8CyAEJqQKaklmJ-a6xPqgDAcgDywSqBMsBT9CI8ID0y7wAjVmrTDLMMXRc3rZWeYdClHtLIRJTf19OQmPC_DE5dOFR6g2lyGbcKaEcJvyr_Qo2xylkI3bMuxCga33xzSFYL2bO7KW3UFs8DMSJFwMs6fRU19dgwpS4oCtkwGM2lCcaCR_wBe0zsroLOML8EzIQ2lcgHntwujD9906bs8wRwtVnv0nSGZkVB-SyeCZK_P0GmU2sj7TzbZia57xAk2dTAcotTAwuAZJwI5m09mOpjgEk88jQDM_htAdY9C9aTwyZ0w_ABKCgkK_eA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeB2OegAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEO-ICdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTUyNzEwNTIwMzM3NzY4MTEYAA&sigh=axDqOtqAioI&uach_m=[UACH]&cid=CAQSGwDq26N9mZtG2s6RD4Zcg_KGNELdI5sGPMh_sRgBIBM&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=2867599685&adk=3927345067&adf=3573213364&pi=t.ma~as.2867599685&w=990&fwrn=4&fwrnh=100&lmt=1670768727&rafmt=3&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768727556&bpp=3&bdt=535&idt=253&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&correlator=2501798545303&frm=20&pv=2&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=KgavVMfs3p&p=https%3A//www.proxysite.com&dtd=274
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 14:25:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 164ms
163ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pr&rt=1&c=ca-pub-5271052033776811&eid=44759876%2C44759927%2C44759842%2C31071113

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/ Frame 66BB 10 KB
4 KB 21ms
20ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 72376
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 18:19:12 GMT
etag: 10353107486223812946
expires: Sat, 24 Dec 2022 18:19:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16219658952005295331/ Frame 0611 25 KB
25 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16219658952005295331/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96ea283c1c37c5d7d4177bb32764f2873c8c9ef60923b637091f7afb1eac94ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 16:32:47 GMT
x-content-type-options: nosniff
age: 510761
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25091
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 14:53:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 05 Dec 2023 16:32:47 GMT

GET
DATA 200
OK truncated
/ Frame 0611 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0611 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0611 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49d151208e62ccc69c6eb8db3a55e44a7f488474be36cd6ffe4f90e4e3098ec1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 66BB 8 KB
895 B 30ms
30ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 12:47:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 14:25:29 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 66BB 2 KB
765 B 23ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 66BB 0
0 68ms
68ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CTBhCWOiVY4mECL2Z78EPi4erqAaimoTtbbblpoHXEGQQASCB85MpYJWCgICgB6ABo4vF7gLIAQmpApqSWYn5rrE-qAMByAPLBKoEygFP0LwsRT-06xavfTln5n51MXlt4ifZSgvsCYC8_3PtJPrzqCjJ60Oq08VNgXxX7_nD2Qn1py2EdBoyBjTwlqbElnb9tH1piDNMYp0TLkRGNlPf0eDYFU9kA01ay_PvMlSrNf4NjOUsq7JQAsrTJCHmSuHq-Fr0G2G1AcGzsYBrI6H3A--YLA5RM-LYB3KshI3i934y7adxTzoyWYfnGUD2okvTQKzyZyT__ZN3m8ZyX9XYRaz4vH5FkoPRccxkrE-uOrVwSUNpLGn3wATXv5DEoQSSBQQIBBgBkgUECAUYBKAGLoAHz9DVmAGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBD6_gLSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAZgMtKi_gp0EuBODBNgTDtAVAZgWAYAXAbIXHAoaCAASFHB1Yi01MjcxMDUyMDMzNzc2ODExGAA&sigh=zjiVrNdzSY0&uach_m=[UACH]&cid=CAQSGwDq26N9CQb7aYs3KK0RptG9AuAcc3LO_SYzSBgBIBM&template_id=515

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 14:25:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 66BB 23 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 66BB 3 KB
1 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 08:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20618
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 08:41:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 66BB 18 KB
7 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 66BB 153 KB
47 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 14:25:29 GMT

GET
H3 200 5abbe811e7745ada511aeaa994a13f9f.js Show response
www.gstatic.com/mysidia/ Frame 66BB 34 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:34:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 20:45:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 21:34:40 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 0611 28 KB
28 KB 66ms
21ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:03:51 GMT
x-content-type-options: nosniff
age: 364898
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 09:03:51 GMT

GET
H3 200 16272888955745119377
tpc.googlesyndication.com/simgad/ Frame 66BB 1 KB
1 KB 22ms
22ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16272888955745119377?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e35a8f69bf211ed6d8ac69515a5cc50065a4131d7c93249164f3d48fa695e60d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 05:45:10 GMT
x-content-type-options: nosniff
age: 463219
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1467
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 12:38:39 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 06 Dec 2023 05:45:10 GMT

GET
DATA 200
OK truncated
/ Frame 66BB 195 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e34975a0a58f4262f18fc35a4a9efb9f9b3962b87772f8fa5c006d5b7bc3f57

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 66BB 336 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame C8C8 36 KB
16 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73895
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
DATA 200
OK truncated
/ Frame 66BB 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0316ac8210f8ed0c0f0c33ae67ab42dc5753840020a5a73841b0ca867c308cd2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame BA47 36 KB
16 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73895
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame E248 36 KB
16 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73895
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0F21 624 B
245 B 59ms
58ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJa-_eICEIjrweQCGN2p0NgBMAE&v=APEucNVPaqCgCkIE5fAkVE8VclydrrN8O1LBvG9cqYx_tilWeVlsPCwAaFnxtkvcp0WPQT9dFJlR88z9k7i_Ky7zg00XZUz_-mDQhQ0NIxuxVUTceSaVdO7WeJnyVbAFPKaqRSH3e5Eq_6VajXiKL_AtUhjBzH6r9J7JUPOrRh5vyONB79qZg1Y

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 14:25:29 GMT
expires: Sun, 11 Dec 2022 14:25:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame BA95 76 KB
27 KB 112ms
111ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

def1424f4f259a4cf927fe1f7ea7ec24bdc2fc78edca55fdb593cc0c293dbec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27387
x-xss-protection: 0
server: cafe
etag: 15442950961169408521
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 14:25:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame BA95 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 08:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20618
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 08:41:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame BA95 18 KB
7 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame BA95 0
0 79ms
27ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTkTn3P0SOsKrUSr7Qk8fRjfn0qPOeG-6Zfu2eOtUsso_N550XpBGML2C9xlgxV1hq9ZdSjBlYxMzUc2Ei--HwTwHGz9g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BA95 153 KB
47 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 14:25:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame BA95 23 KB
9 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BA95 42 B
63 B 164ms
164ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CiyxyXhD_fu64ZCa7T0Z8H6oo6D1ZYGD3iJA_k2-pGUXEEGdVUwBYXrPrby4OpP0V-pTRZkFRTVR_mqMZ9nn9UVfAlTGcxe4oIPIOfQ0CAhrCNHmU

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BA95 0
20 B 164ms
164ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5399582600289340438&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D4F9 6 KB
672 B 29ms
29ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&adk=3625593270&adf=3099719705&pi=t.aa~a.4226026281~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0&nras=2&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=pnTJhgzjWp&p=https%3A//www.proxysite.com&dtd=5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 13:02:08 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 14:25:29 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame D4F9 2 KB
765 B 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame D4F9 23 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame D4F9 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 08:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20618
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 08:41:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame D4F9 18 KB
7 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame D4F9 0
0 28ms
27ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRs2aD2y_Rpzdds_6w1HxZZkLGQkQ26vTDvvDpU8I_LM94zZt_A5bEZbfID03B2ZHQn4EaYXR3j9Ojz-rofSKJsnran4w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&adk=3625593270&adf=3099719705&pi=t.aa~a.4226026281~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0&nras=2&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=pnTJhgzjWp&p=https%3A//www.proxysite.com&dtd=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D4F9 153 KB
47 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 14:25:29 GMT

GET
H3 200 5abbe811e7745ada511aeaa994a13f9f.js Show response
www.gstatic.com/mysidia/ Frame D4F9 34 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:34:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 20:45:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 21:34:40 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0F21
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1

43 B
766 B

22ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJa-_eICEIjrweQCGN2p0NgBMAE&v=APEucNVPaqCgCkIE5fAkVE8VclydrrN8O1LBvG9cqYx_tilWeVlsPCwAaFnxtkvcp0WPQT9dFJlR88z9k7i_Ky7zg00XZUz_-mDQhQ0NIxuxVUTceSaVdO7WeJnyVbAFPKaqRSH3e5Eq_6VajXiKL_AtUhjBzH6r9J7JUPOrRh5vyONB79qZg1Y
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 14:25:29 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0F21
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5XoWK2wOEvh.w0FiCTXlQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1&google_hm=2

43 B
766 B

21ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJa-_eICEIjrweQCGN2p0NgBMAE&v=APEucNVPaqCgCkIE5fAkVE8VclydrrN8O1LBvG9cqYx_tilWeVlsPCwAaFnxtkvcp0WPQT9dFJlR88z9k7i_Ky7zg00XZUz_-mDQhQ0NIxuxVUTceSaVdO7WeJnyVbAFPKaqRSH3e5Eq_6VajXiKL_AtUhjBzH6r9J7JUPOrRh5vyONB79qZg1Y
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 14:25:29 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=494
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMaNhr6I8nFASWnGcChy1js&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 0F21
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHi2MqJPznOmqUGLijKNckI&google_cver=1

43 B
1018 B

33ms
33ms

Image
image/gif

185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHi2MqJPznOmqUGLijKNckI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJa-_eICEIjrweQCGN2p0NgBMAE&v=APEucNVPaqCgCkIE5fAkVE8VclydrrN8O1LBvG9cqYx_tilWeVlsPCwAaFnxtkvcp0WPQT9dFJlR88z9k7i_Ky7zg00XZUz_-mDQhQ0NIxuxVUTceSaVdO7WeJnyVbAFPKaqRSH3e5Eq_6VajXiKL_AtUhjBzH6r9J7JUPOrRh5vyONB79qZg1Y

Protocol

HTTP/1.1

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 14:25:29 GMT
AN-X-Request-Uuid: bd76b9d9-5519-4c1e-9f16-ed3f9c3f1f49
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.29; 217.114.218.29; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHi2MqJPznOmqUGLijKNckI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0F21
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D

170 B
188 B

35ms
35ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 14:25:29 GMT
AN-X-Request-Uuid: 37fec19e-d325-4415-a737-578de69983d4
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D
Connection: keep-alive
X-Proxy-Origin: 217.114.218.29; 217.114.218.29; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D4F9 0
0 71ms
71ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CpCqFWOiVY-jzPL-X78EPhZG_gAq-lp6cbZGNo9vnEImQ-JffDxABIIHzkylglYKAgKAHoAGEjJm8AsgBCagDAcgDywSqBMkBT9DMH9kafpeKDuaNND5TnkvUwK3n13t0gxgERGrPPGsmZS5YzoIK1I1uEOAySsAFM9IjpTbbujyo6w5dX4rzUU98jrWWWLIhAornH7ZnNOQe3ei1Nvdd8ZCngsQQ6VpieUCEDzhWW-9cUUGF8zhd4Q-F0PG6IsCQiy9d9DPHZxIoQaVXd3yZHBFuIA_MiCL8ZGDgxJtEWtvssfxiYqzrXmsf3SPYWU3Xrah_6TTc87hfCqzktMS_aTcZIIH6QRpScz7D_5B_M5BCwASvnoC0lwSSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHu4_-uwKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCg5gLSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAbgT5APYEwzQFQGAFwGyFxwKGggAEhRwdWItNTI3MTA1MjAzMzc3NjgxMRgA&sigh=eBUGLCuYEfM&uach_m=[UACH]&cid=CAQSPADq26N92bOYj3c3FHLyVtqQnotONwFVi4G31bbmpzrtsZrWKE2aSu-zqKGaHOoN6_TJmFUhOo2d8KJrSRgBIBM&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&adk=3625593270&adf=3099719705&pi=t.aa~a.4226026281~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0&nras=2&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=pnTJhgzjWp&p=https%3A//www.proxysite.com&dtd=5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 14:25:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5610518008519402883/ Frame D4F9 20 KB
20 KB 23ms
22ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5610518008519402883/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ad3fda2b881715e85727f4f39c1769fe64940508a2b851a8f516db084427bc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 14:54:41 GMT
x-content-type-options: nosniff
age: 84648
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20060
x-xss-protection: 0
last-modified: Thu, 12 May 2022 14:43:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 10 Dec 2023 14:54:41 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/1018321470155622294/ Frame D4F9 2 KB
2 KB 30ms
30ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1018321470155622294/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6d053d1e9e58096e106b6669c717095b007b0b78251652686ef7bb30d51102f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 12:25:52 GMT
x-content-type-options: nosniff
age: 266377
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2404
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 11:04:59 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 08 Dec 2023 12:25:52 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame CB19 4 KB
621 B 32ms
32ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=60&adk=2093842954&adf=3560341080&pi=t.aa~a.4080220755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x60&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=0&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280%2C1200x90&nras=4&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2738&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=PpFExOjB2A&p=https%3A//www.proxysite.com&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 12:59:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 11 Dec 2022 14:25:29 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame CB19 2 KB
765 B 30ms
29ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame CB19 23 KB
9 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame CB19 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 08:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20618
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 08:41:51 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame CB19 18 KB
7 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Dec 2022 12:10:29 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CB19 0
0 80ms
29ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRaLYJOoDDO8vHNz2MAsdxllct9RPL28mEgWysu6zXjv5-J0WI1InbWaqIqwAxTRZ-KGps5dKMngzkQ_IN4m1SIrnOvpQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=60&adk=2093842954&adf=3560341080&pi=t.aa~a.4080220755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x60&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=0&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280%2C1200x90&nras=4&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2738&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=PpFExOjB2A&p=https%3A//www.proxysite.com&dtd=10
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CB19 153 KB
47 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 14:25:29 GMT

GET
H3 200 5abbe811e7745ada511aeaa994a13f9f.js Show response
www.gstatic.com/mysidia/ Frame CB19 34 KB
14 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:34:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 20:45:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 21:34:40 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CB19 0
0 64ms
63ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cszl0WOiVY6XrPJOD78EPspWF-Aq-lp6cbZGNo9vnEImQ-JffDxABIIHzkylglYKAgKAHoAGEjJm8AsgBCagDAcgDywSqBMgBT9DEoftR6heinezhin04OWJ8QIczSvsfL-LwfioMr4J5-DIwa72UE-me_VKEONBqO3v_tzrv3lk72TEz1xRjFjhXgX7NVLtxsWkTeG93rkyrVy4gStIAqtnd17Gu1-4Mr7SjRVqMb27074B1cNmoYsRXf0JG69kdNBO8qp22aZ0Lg8BeLffAqmfKnaiu6Jut7-IMSr7aY-zzWnMTZbPoOq78eX7M3EJrRXucVV8guZZqtXKa4iYDecD_KIqERVw-f8ciLiDmminABK-egLSXBJIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAe7j_67AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEK6YAdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsBuBPkA9gTDNAVAYAXAbIXHAoaCAASFHB1Yi01MjcxMDUyMDMzNzc2ODExGAA&sigh=mLmn5f2lcrY&uach_m=[UACH]&cid=CAQSPADq26N91tT9SoCCk0WBLgt7PPXKoNuT9dhUpMfY8F97FV_pZ5SiMW-5deXTmJWQsW6Ap-uOY7IdQk7oFBgBIBM&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=60&adk=2093842954&adf=3560341080&pi=t.aa~a.4080220755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x60&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=0&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280%2C1200x90&nras=4&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2738&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=PpFExOjB2A&p=https%3A//www.proxysite.com&dtd=10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 14:25:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5610518008519402883/ Frame CB19 6 KB
6 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5610518008519402883/downsize_200k_v1?w=195&h=102

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc673c4f66f5b02af3a793375962ae6ea5eef31badfe6f11ae14668d511070ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:18:40 GMT
x-content-type-options: nosniff
age: 94009
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6492
x-xss-protection: 0
last-modified: Thu, 12 May 2022 14:43:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 10 Dec 2023 12:18:40 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/1018321470155622294/ Frame CB19 2 KB
2 KB 21ms
20ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1018321470155622294/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6d053d1e9e58096e106b6669c717095b007b0b78251652686ef7bb30d51102f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 12:25:52 GMT
x-content-type-options: nosniff
age: 266377
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2404
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 11:04:59 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 08 Dec 2023 12:25:52 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1BF3 1 KB
643 B 22ms
21ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17710
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 09:30:19 GMT
etag: 48472445140208031
expires: Mon, 12 Dec 2022 09:30:19 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D4F9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11448dd68e1fa25fb7241c12b37761a28bb828c8b2fd1df0a8713b7a75e4708e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A316 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17710
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 09:30:19 GMT
etag: 48472445140208031
expires: Mon, 12 Dec 2022 09:30:19 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BA95 0
20 B 165ms
165ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6201223683981&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BA95 0
20 B 171ms
170ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6201223683981&version=m202209210101&ct=76&x=1&cor=5399582600289340000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BA95 93 KB
37 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AZnzYX-qdh_T-_XKOQO73uDP3Lbd_kgq5nVuXUfJsMztbcU4c6DiwOnHCIR5mspDIqkvD5RiTLMA_7RfFu347Qm0kAyw&cry=1&dbm_d=AKAmf-BbfMz17Jt2qsjA1nk17-86-ES99176BXch4OI3Z1zv4bi2BvdN3RXLAnkdCGoob82m2dtR5o5SYqsZO7CkxcaugIiIazmXvpebzQEr5zPgXnkQt3wEnfDnSpg1-yn5BnBPvrP1l30x1lSzAMaIW-v8nFcKL1EM2hQ95uG5-qTyZUDtDv-stAKpnkWR0gt3wuyy36G-4mzyrwI9Wi4L3-2G_RBMP1l2gAQU5wcoLckJWiRt0Mtah7NOAuKprDrlLQJWHD32mudRKOemkATT6oSIzlzT8gQH-ESVKNlLyRnqxCrTUeo-gj_UFu5uJA7eB4GzWZB7tjPtrEtRaqfgIVNgfh1e9J7_SFpitZY4W1JWcDWVJM1nGJmEOzkSV30uMGZGEHTzMfehZOCkgWMKOJaa9kEyMJ66a7l_hr9PjlW4pEhJ582sd42TiJOAqwgIA5NByuz3HXbJVmoA3spzTtGftOr1gYk7-hjOBnBe1cWaOaISjxTfun7iHFd3TTrHnpueZufS-tAM2b8CXkdZavT_a8FN1TBsEu-FPk9J-8zpujm1FdbfVa3RZWSu-pPN6oZ9whlKo-WWPHTd-gySQuDohs3JDu6rdwkTjp4KzWlOmMRLlEvyE37cI9AOEKOPwqYH_dOvoo-l2tA-LiISnqnVweFKyiOONLeVahX9Sy-gH7e_FSeoAWV7cXYH2qtjg5IKoLrRwURNXpYqonCXH-FI5UgZPO7MtcLlvPqQitL2rDl-jGddhM9kMnsUcnzLdeAuAHRPiJsE818Z27X7fMmxmYNCAr8I2cbGiaDdl2txO6Fw9wgk5ixbAtpiLKK4Jvno0zBV2jblkEZ46gjILkDzbiJTLpS5oZ_GGEpoQ-S2LtfC-NS3Yu2H0mSiBf17Nev6wGKdTLUKHO9grbAtLy8UYo85zK-BQLyjQV1zjAY99ZZeOfkS9vjpYKmQdeZjon4VVVa4yKdbZ76rwncKjYiim6KtRFdR_pqvEMaeRTtZI-vP_KN7Z83QgrLokQ_3x7hUNIKA8cTzA_e3Q1ZqGMspCgk6TsCpAZrju1NP_5kPo-b_bTrPGczN5YHX2NZJRU4UtfItbSYiFI8Ue9FCHqIYAFtXjuWA7-s2AkhnkFIuuWhlaCeFdO2LLDs5rjNHkBsh5PVTjc5DWvZgsU1s9EBAF34cmCAWr7TQriM2IzgSOKlHqDUtQxppB2WxuE0of4WuekGNla_uw_bt9e2EZ_uXQ8NJUxNv-55tQxoWoc2Pl9ZnKWi8l9RCQHBLbDACqa3uY2RlNf4l4uciKJgGsCTL5sD88jaG9vOstZ67QjMFBovcqQjvsVvC-ntWSSZWleBPkZ-Jl7JCf5TEKLzwIfANGxKajgGig2LfRecwXbIa5J6hATsa66Zmw932acc9Hf3P5nstbga-z7yFMJYLhP0XVs1wBPxvkLxBykWHfH722zDHbLobWVrQWF_vQD_kwaYaxF94vCWhIyWGD38ndPHzsmquqxbHjktuAcZ5I_x0AYhQrCiUi7bSzya-C_dKPR3Ai3NBWnD4iaz85sA-1UrjIfvuw2Kb2-RuNZ4FnrFazbQqD4UgUl7rIFHKNNkHYljDN_16RU449fNaqZw7DYscnw4rdFL5PP55UY-WV9j-a4yco0ZibkM8eXjLEBXuwwRBi_-KhV97m0uwtFM_PGlH1TQvoS-iImQ27475s3INHl7T_TOxf2jVyxGap58RXzkTb0zGHHSji-lqk0hCBfZM8iJ3T0frSROM5z98g9QgWi-Gs1xs4uvxvhpsskWZ-Kw0Xp4oLsTsVmx0vIXVNzt7uPQYkofU8zzciGADRwJx95KA0DPXxqR2Vn0G8PbpZU42klt7Njl41p1DJucRx4d6_dHjpo_3V392OMS4sZf0BFSOOMYIXAiTbCdtDM_r2hEjN3RnG6eggEJi6GKfJpkyRKEV0BLwyj4PcBR-4-GOgTrDGNWmnI2QCOh17gyqwZmSsmxflJhidoafNMxNfMiSf-IyUuwhNVPJ4YfkfBx_hWT_3gXr2PVe9z99wmXHRuURirQK-xL3ehEyMVJ_vX45BtluZQSoYc6bb0Ljj-yUVSL2UfslB-IyuHtv26KvwQsyunUAeao-UpIAuairn27xFYbpZcllRj_RvZoUk2mMbgKEmNP0te3AI1pOgtOrCry1vmKYOH0P4rkUD85PHxpIXRTAahoIN--BW0hdFrW-euTloM0L9QhwNqhuD2g4nyslyIkkT9KXhYJpb1yeVI6t8wETsNrd0to5fNroNC18WX4YE5HvDU3csFY5_zHu0qCBlTyFnncOQEe9QyswuOyW_pLgeF-PcH9hm7UhSPXPhG34lqsZ_-k9fBsrdv4q5euvrmYwBrMdoKaodqekh7HSs8lQKb6UpE0Jouv2DWCNMJpOxlMDKPhD68_MPQMcrK3sHpq08ZIyag4Rh-QlXT9tZj04BX0X7KXHex7Ls75Dw7c5DRTW6hXKoEK35RxUFndGTgxowhrbd4iw1Wro5Unex-M0IxY5_snfUf130FrRLzLkJC91h6eCuz8PUHV_UobWedHgA0U8JLcPmsVlAwuUOz2mnIBQZq4LRiKS0qp5pu35CKqR8n-s9CzAaI4wqRzMN3YKFbF3fwlUglhyEA0cte6ARfQ5YxQGkT98B3_MxbOOKXNu8U39tASXqLxbvzaO1wL5FqD4pEdhNtz2VYTByKZQqNeq5yGFBux-AZrMo34QDCPZ7ozqpUappDp_lG4_dzsuYvwXmo-LxnjSajTu2FVhlDV2im241KB7v8M-pf1UeeSVs9VNa7pq-TjrX9jVyNkCM1rv-_MmnHIF2xQ0W9iKipzQjK_AV4MOKMeMnibg4NuR0yQvfhWKdTnK9K3SxCgM8JC_peKxEg8BuSgU1v0spk5D0OL2QFnPEXolt3Elf8jDxGPTqviKBwxC-4QN7Wdi-zU0nvToNsEiOMSDVlsr2pPPWzWBeVLGJKT3gUjd918oY6jxdn8lA7Y9-M5znBHK4t6pp963sKnsyzrf5_ZnbjII_mO3aC159YOl1FQ_E1DdgBt9Ak_qStMgTFUUoAQOKq-A_gkyY9rnn4pJxvtD2GgHauuFwt7S3DgqhYRswLp65HCtl5oYoT-zLDbdMH6UqucJV-sgDMlKzbL24XlNcx92TvPT3_ankRB3BrZYLJYeychm2JLPuR91reI1qRX4d7DXlv51WKqY5mOn4GXRuwHptVj_lD43mewvWWgRH_Y56R-ctxSBfvbU-n1d6qCKoaxkH2qkPA6_81wme65Q3zLlJmtXddM1jMoXaDgoVgJyf0JJe3WXfwLm2HMhlPcRXeCH8klsukYhA4emfkINtguH_c9YzRAblwIfDyoqCjXlkbndyN890pjfzRC8kLAHqcrtqW9EkVGQw4wTPpCKVA&cid=CAQSPADq26N9vXJHzCNyELhMhNGw4EpNbzxaAcXBIuT5RYAwHYs6yx7CFabnnwFUqxFMUKbAH6_WpAsmfFhsHBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fwww.proxysite.com%2F&ds=l&xdt=1&iif=1&cor=5399582600289340000&adk=2515327512&idt=118&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

948be491d78e0b9e68127c6f9f63087e7d510219c864731896cd9d62837e5a53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37385
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame CB19 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1af055020c131f46a904163df8a93d0d4a75ca533ec6e5f06905b6596e3095c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D4F9 15 KB
15 KB 23ms
22ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:22:20 GMT
x-content-type-options: nosniff
age: 151389
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 20:22:20 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D4F9 15 KB
16 KB 23ms
23ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 05:09:29 GMT
x-content-type-options: nosniff
age: 206160
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 05:09:29 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D4F9 15 KB
15 KB 29ms
29ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 13:14:53 GMT
x-content-type-options: nosniff
age: 177036
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 13:14:53 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1BF3
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELnEbz1R_NyspZOxlqoSJNs&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELnEbz1R_NyspZOxlqoSJNs&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MVl0OXJQSmMxUDRuZ0o1&google_gid=CAESELnEbz1R_NyspZOxlqoSJNs&google_cver=1&google_push=ASkJ3FZL4LeiUnSvoCdl__nQ50hmZZUOmL8xAhT_hYrcKu6...

170 B
188 B

35ms
34ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MVl0OXJQSmMxUDRuZ0o1&google_gid=CAESELnEbz1R_NyspZOxlqoSJNs&google_cver=1&google_push=ASkJ3FZL4LeiUnSvoCdl__nQ50hmZZUOmL8xAhT_hYrcKu6tVfqyHL5z2uIHZz1Kc8quD0RXhGnKCerP_jY7FAaPOn22uVcxVMuAiA

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 14:25:29 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-01cc22a724fa3318b@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MVl0OXJQSmMxUDRuZ0o1&google_gid=CAESELnEbz1R_NyspZOxlqoSJNs&google_cver=1&google_push=ASkJ3FZL4LeiUnSvoCdl__nQ50hmZZUOmL8xAhT_hYrcKu6tVfqyHL5z2uIHZz1Kc8quD0RXhGnKCerP_jY7FAaPOn22uVcxVMuAiA
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 1BF3 70 B
265 B 151ms
50ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESECSVGKgV0RdoDS2sN1Z1lIs&google_cver=1&google_push=ASkJ3FZu2nVJgpudR0-QmAsK5UTWAJ93nn3U5WRiaS856x3evDovW7zb5ZMqJoJFK6RurONSEdtR2bQoGtId6EpObTFXBzQNT_Wyew
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&adk=3625593270&adf=3099719705&pi=t.aa~a.4226026281~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0&nras=2&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=pnTJhgzjWp&p=https%3A//www.proxysite.com&dtd=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1BF3
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESENKGCvStN0dYM-tBcgZ0Z7E&google_cver=1&google_push=ASkJ3Fa9TqnSULuK3gZdqihiOgk0mCWzVjg3VPaHVcegxYUkyyoSGwRoJO_-PnkmvCGMm7serPe5xT4BeKNUvrhv...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=4ydjE3G4TLe9_cCN8GV4bg2&google_push=ASkJ3Fa9TqnSULuK3gZdqihiOgk0mCWzVjg3VPaHVcegxYUkyyoSGwRoJO_-PnkmvCGMm7serPe5xT4BeKNUvrhvs65FsxuaF8rsiQ

170 B
188 B

38ms
38ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=4ydjE3G4TLe9_cCN8GV4bg2&google_push=ASkJ3Fa9TqnSULuK3gZdqihiOgk0mCWzVjg3VPaHVcegxYUkyyoSGwRoJO_-PnkmvCGMm7serPe5xT4BeKNUvrhvs65FsxuaF8rsiQ

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 11 Dec 2022 14:25:29 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=4ydjE3G4TLe9_cCN8GV4bg2&google_push=ASkJ3Fa9TqnSULuK3gZdqihiOgk0mCWzVjg3VPaHVcegxYUkyyoSGwRoJO_-PnkmvCGMm7serPe5xT4BeKNUvrhvs65FsxuaF8rsiQ
x-host: tde-deliveryengine-production-59bd69b6c9-d5s54
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1BF3
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECLNA9IJTQbX69VpI_KDc3M&google_cver=1&google_push=ASkJ3FZQ56ZGPRyZuNn2Cp1tSSHVGCt8NP7MAlvp13NDzrsjeY6MtVxr3dDse0WsKzXugyiKL4FeAF06...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECLNA9IJTQbX69VpI_KDc3M&google_cver=1&google_push=ASkJ3FZQ56ZGPRyZuNn2Cp1tSSHVGCt8NP7MAlvp13NDzrsjeY6MtVxr3dDse0WsKzXugyiKL4F...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTEwMDk4ODUxNTAwOTQ1MTQ5MA&google_push=ASkJ3FZQ56ZGPRyZuNn2Cp1tSSHVGCt8NP7MAlvp13NDzrsjeY6MtVxr3dDse0WsKzXugyiKL4FeAF...

170 B
188 B

36ms
36ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTEwMDk4ODUxNTAwOTQ1MTQ5MA&google_push=ASkJ3FZQ56ZGPRyZuNn2Cp1tSSHVGCt8NP7MAlvp13NDzrsjeY6MtVxr3dDse0WsKzXugyiKL4FeAF066XuK9yg3JzMw9P5qF5ryr5k

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTEwMDk4ODUxNTAwOTQ1MTQ5MA&google_push=ASkJ3FZQ56ZGPRyZuNn2Cp1tSSHVGCt8NP7MAlvp13NDzrsjeY6MtVxr3dDse0WsKzXugyiKL4FeAF066XuK9yg3JzMw9P5qF5ryr5k
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1BF3
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECLNA9IJTQbX69VpI_KDc3M&google_cver=1&google_push=ASkJ3FZG982nQX7PviUsVbAJzKjY-0SbTOjmdf3xotfPMeSd67UVbSzTfsm6VxM-zs4kOgIeUsIegTN1...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECLNA9IJTQbX69VpI_KDc3M&google_cver=1&google_push=ASkJ3FZG982nQX7PviUsVbAJzKjY-0SbTOjmdf3xotfPMeSd67UVbSzTfsm6VxM-zs4kOgIeUsI...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjcyNjAzMDkzMzIyOTQ0MzI0Mw&google_push=ASkJ3FZG982nQX7PviUsVbAJzKjY-0SbTOjmdf3xotfPMeSd67UVbSzTfsm6VxM-zs4kOgIeUsIegT...

170 B
188 B

35ms
34ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjcyNjAzMDkzMzIyOTQ0MzI0Mw&google_push=ASkJ3FZG982nQX7PviUsVbAJzKjY-0SbTOjmdf3xotfPMeSd67UVbSzTfsm6VxM-zs4kOgIeUsIegTN1IS_DB-_6vy2OQEtvz_kiym4

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjcyNjAzMDkzMzIyOTQ0MzI0Mw&google_push=ASkJ3FZG982nQX7PviUsVbAJzKjY-0SbTOjmdf3xotfPMeSd67UVbSzTfsm6VxM-zs4kOgIeUsIegTN1IS_DB-_6vy2OQEtvz_kiym4
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1BF3
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKAtTqqAEEcWzNIicPNXWL8&google_cver=1&google_push=ASkJ3FaFtri3ESPYSR-aGzsxY3QHAC8lyo6Ksa7f8c4Ai_ZPqktNk7WDpvXAbIpagyafXkOKsGF...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJKR0tBSkctWC1BVlNF&google_push=ASkJ3FaFtri3ESPYSR-aGzsxY3QHAC8lyo6Ksa7f8c4Ai_ZPqktNk7WDpvXAbIpagyafXkOKsGFjrNVboOoi5V4U9M5t-ORDBaAA_hM

170 B
188 B

39ms
37ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJKR0tBSkctWC1BVlNF&google_push=ASkJ3FaFtri3ESPYSR-aGzsxY3QHAC8lyo6Ksa7f8c4Ai_ZPqktNk7WDpvXAbIpagyafXkOKsGFjrNVboOoi5V4U9M5t-ORDBaAA_hM

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEJKR0tBSkctWC1BVlNF&google_push=ASkJ3FaFtri3ESPYSR-aGzsxY3QHAC8lyo6Ksa7f8c4Ai_ZPqktNk7WDpvXAbIpagyafXkOKsGFjrNVboOoi5V4U9M5t-ORDBaAA_hM
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame 1BF3 43 B
296 B 336ms
37ms Image
image/gif 2a05:d01c:1d8:8102:1f82:7aa0:f039:aca9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEAXDLwuvVJ9KXEwN7JNcr0w&google_cver=1&google_push=ASkJ3FYqaawDTCu7Evvhn7MlNF0clm29xpwbaWBrikcoSTJyZ6lufQ_WcsYPI9dsUMjLwM0yrXUOvmzQTzxHmdbYeDx0bU8aFzJQB_4
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&adk=3625593270&adf=3099719705&pi=t.aa~a.4226026281~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0&nras=2&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=pnTJhgzjWp&p=https%3A//www.proxysite.com&dtd=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:1f82:7aa0:f039:aca9 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
cache-control: no-cache
content-length: 43
request-time: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 1BF3 0
12 B 31ms
30ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L_fKM6u4pANutcgf9vmfiw1L7jGSKCC4BhhGa7s6mlFZzqRpdxxuqhitap5Hcqi1qKpLLM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame A316 0
104 B 223ms
80ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEG4-S2nNgG4Of2_rCipBjus&google_cver=1&google_push=ASkJ3FbDAcnntWc9Li9qVhz1jgK7Bq3oyMVbJU50STBfEFAMusBw5Wqdef001W7BPRpKCYYsdxHblAOMg_iS9R9Ppc6oopScX5OrjjM
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=60&adk=2093842954&adf=3560341080&pi=t.aa~a.4080220755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x60&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=0&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280%2C1200x90&nras=4&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2738&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=PpFExOjB2A&p=https%3A//www.proxysite.com&dtd=10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A316
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAs2rU_TJtFgv9aoTQZaxd8&google_cver=1&google_push=ASkJ3FajkMQCOy6Xepz4A7kOiJ38RBLlUgYMUH39E7zAELnr1xAeIhbAhWbXQ6L8ubNf1iEX6RnlJs7VlR_EcuvR...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FajkMQCOy6Xepz4A7kOiJ38RBLlUgYMUH39E7zAELnr1xAeIhbAhWbXQ6L8ubNf1iEX6RnlJs7VlR_EcuvRi6CuSaJGjDydv1E

170 B
188 B

34ms
34ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FajkMQCOy6Xepz4A7kOiJ38RBLlUgYMUH39E7zAELnr1xAeIhbAhWbXQ6L8ubNf1iEX6RnlJs7VlR_EcuvRi6CuSaJGjDydv1E

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 11 Dec 2022 14:25:29 GMT
Server: MT3 180 1fd3e2d master cdg-pixel-x32 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FajkMQCOy6Xepz4A7kOiJ38RBLlUgYMUH39E7zAELnr1xAeIhbAhWbXQ6L8ubNf1iEX6RnlJs7VlR_EcuvRi6CuSaJGjDydv1E
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 11 Dec 2022 14:25:28 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A316
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEPx6_qDuys_BpIw2w32WCBY&google_cver=1&google_push=ASkJ3FYESczB2nuf7cv1a37p7O3PxjaWQ52bGDJEAdeMamaXwAzJPOD4lVmi1zefcDCRGBeVAJ-81qWHgP8Vt3y7D0YEv1jN8p5Ywus
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=099162268B924AF1A259FA479226C48A&google_push=ASkJ3FYESczB2nuf7cv1a37p7O3PxjaWQ52bGDJEAdeMamaXwAzJPOD4lVmi1zefcDCRGBeVAJ-81qWHgP8Vt3y...

170 B
188 B

36ms
36ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=099162268B924AF1A259FA479226C48A&google_push=ASkJ3FYESczB2nuf7cv1a37p7O3PxjaWQ52bGDJEAdeMamaXwAzJPOD4lVmi1zefcDCRGBeVAJ-81qWHgP8Vt3y7D0YEv1jN8p5Ywus

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 11 Dec 2022 14:25:29 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=099162268B924AF1A259FA479226C48A&google_push=ASkJ3FYESczB2nuf7cv1a37p7O3PxjaWQ52bGDJEAdeMamaXwAzJPOD4lVmi1zefcDCRGBeVAJ-81qWHgP8Vt3y7D0YEv1jN8p5Ywus
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sat, 10 Dec 2022 14:25:29 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame A316 70 B
264 B 131ms
51ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESECSVGKgV0RdoDS2sN1Z1lIs&google_cver=1&google_push=ASkJ3FZLiT7HMZrGwPLk9FYxpr_7I8RYew82kB5AHHE8sFhswPJy4h6oHkiT6fDeDnW5t5rf5FkDuHIDwhfXgc-s0iDi3if9wtg7gZg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=60&adk=2093842954&adf=3560341080&pi=t.aa~a.4080220755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x60&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1820&idt=0&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280%2C1200x90&nras=4&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2738&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=PpFExOjB2A&p=https%3A//www.proxysite.com&dtd=10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A316
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESENKGCvStN0dYM-tBcgZ0Z7E&google_cver=1&google_push=ASkJ3FZBPdyyeP0KIjfHL6P8BGX7LffYMfC4zFiNwHDhzRY5tDH89doE64XuaUeXB5C8V3zMYhuePRWKrcHFrWgl...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Gj8gR_-_Tb6NPf1BGmEubA2&google_push=ASkJ3FZBPdyyeP0KIjfHL6P8BGX7LffYMfC4zFiNwHDhzRY5tDH89doE64XuaUeXB5C8V3zMYhuePRWKrcHFrWglxQWeDfHuD4I7eQ

170 B
188 B

37ms
37ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Gj8gR_-_Tb6NPf1BGmEubA2&google_push=ASkJ3FZBPdyyeP0KIjfHL6P8BGX7LffYMfC4zFiNwHDhzRY5tDH89doE64XuaUeXB5C8V3zMYhuePRWKrcHFrWglxQWeDfHuD4I7eQ

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 11 Dec 2022 14:25:29 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Gj8gR_-_Tb6NPf1BGmEubA2&google_push=ASkJ3FZBPdyyeP0KIjfHL6P8BGX7LffYMfC4zFiNwHDhzRY5tDH89doE64XuaUeXB5C8V3zMYhuePRWKrcHFrWglxQWeDfHuD4I7eQ
x-host: tde-deliveryengine-production-59bd69b6c9-kt6vs
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A316
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEBFBdwe1-X2zAutWoB58_4U&google_cver=1&google_push=ASkJ3FZ9PWyECEQbQjXofkamzJdkbocIDUJnq98uQMmNtdnsxsOTc2cyskYaL1uDajjxkpWTkHXxTf9mZW1LdS84WLOADRR...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ASkJ3FZ9PWyECEQbQjXofkamzJdkbocIDUJnq98uQMmNtdnsxsOTc2cyskYaL1uDajjxkpWTkHXxTf9mZW1LdS84WLOADRRuXaMh524&google_hm=eS01czlpMGdCRTJwRnJ...

170 B
188 B

36ms
35ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ASkJ3FZ9PWyECEQbQjXofkamzJdkbocIDUJnq98uQMmNtdnsxsOTc2cyskYaL1uDajjxkpWTkHXxTf9mZW1LdS84WLOADRRuXaMh524&google_hm=eS01czlpMGdCRTJwRnJrN0d3THgwRnN0aGxmVlIzb2VLZH5B

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 11 Dec 2022 14:25:29 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ASkJ3FZ9PWyECEQbQjXofkamzJdkbocIDUJnq98uQMmNtdnsxsOTc2cyskYaL1uDajjxkpWTkHXxTf9mZW1LdS84WLOADRRuXaMh524&google_hm=eS01czlpMGdCRTJwRnJrN0d3THgwRnN0aGxmVlIzb2VLZH5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A316
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAPLye-XH...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAP...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f9ad4fdc-3c58-4f42-a97d-1e1aed87b4a4&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

34ms
34ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f9ad4fdc-3c58-4f42-a97d-1e1aed87b4a4&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f9ad4fdc-3c58-4f42-a97d-1e1aed87b4a4&%%GOOGLE_PUSH_PAIR%%
date: Sun, 11 Dec 2022 14:25:29 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame A316 0
12 B 32ms
30ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JI6JWVbO48LbriYL9keJzaCqkViqA9wl1EgYykJ1XmlMW0LxsWGK3jJqeuq983RPVOK425Hg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1221565/67009940/ Frame BA95 237 KB
71 KB 210ms
46ms Script
application/javascript 54.171.34.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1221565/67009940/skeleton.js
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.34.240 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-34-240.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4d72b3c20758bd015ec659873fc11fdeee0a28b9ddc005e9c4b1b5b1d7ab4a2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame BA95 106 KB
37 KB 65ms
22ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15279
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 12 Dec 2022 10:10:50 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame BA95 8 KB
3 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AZnzYX-qdh_T-_XKOQO73uDP3Lbd_kgq5nVuXUfJsMztbcU4c6DiwOnHCIR5mspDIqkvD5RiTLMA_7RfFu347Qm0kAyw&cry=1&dbm_d=AKAmf-BbfMz17Jt2qsjA1nk17-86-ES99176BXch4OI3Z1zv4bi2BvdN3RXLAnkdCGoob82m2dtR5o5SYqsZO7CkxcaugIiIazmXvpebzQEr5zPgXnkQt3wEnfDnSpg1-yn5BnBPvrP1l30x1lSzAMaIW-v8nFcKL1EM2hQ95uG5-qTyZUDtDv-stAKpnkWR0gt3wuyy36G-4mzyrwI9Wi4L3-2G_RBMP1l2gAQU5wcoLckJWiRt0Mtah7NOAuKprDrlLQJWHD32mudRKOemkATT6oSIzlzT8gQH-ESVKNlLyRnqxCrTUeo-gj_UFu5uJA7eB4GzWZB7tjPtrEtRaqfgIVNgfh1e9J7_SFpitZY4W1JWcDWVJM1nGJmEOzkSV30uMGZGEHTzMfehZOCkgWMKOJaa9kEyMJ66a7l_hr9PjlW4pEhJ582sd42TiJOAqwgIA5NByuz3HXbJVmoA3spzTtGftOr1gYk7-hjOBnBe1cWaOaISjxTfun7iHFd3TTrHnpueZufS-tAM2b8CXkdZavT_a8FN1TBsEu-FPk9J-8zpujm1FdbfVa3RZWSu-pPN6oZ9whlKo-WWPHTd-gySQuDohs3JDu6rdwkTjp4KzWlOmMRLlEvyE37cI9AOEKOPwqYH_dOvoo-l2tA-LiISnqnVweFKyiOONLeVahX9Sy-gH7e_FSeoAWV7cXYH2qtjg5IKoLrRwURNXpYqonCXH-FI5UgZPO7MtcLlvPqQitL2rDl-jGddhM9kMnsUcnzLdeAuAHRPiJsE818Z27X7fMmxmYNCAr8I2cbGiaDdl2txO6Fw9wgk5ixbAtpiLKK4Jvno0zBV2jblkEZ46gjILkDzbiJTLpS5oZ_GGEpoQ-S2LtfC-NS3Yu2H0mSiBf17Nev6wGKdTLUKHO9grbAtLy8UYo85zK-BQLyjQV1zjAY99ZZeOfkS9vjpYKmQdeZjon4VVVa4yKdbZ76rwncKjYiim6KtRFdR_pqvEMaeRTtZI-vP_KN7Z83QgrLokQ_3x7hUNIKA8cTzA_e3Q1ZqGMspCgk6TsCpAZrju1NP_5kPo-b_bTrPGczN5YHX2NZJRU4UtfItbSYiFI8Ue9FCHqIYAFtXjuWA7-s2AkhnkFIuuWhlaCeFdO2LLDs5rjNHkBsh5PVTjc5DWvZgsU1s9EBAF34cmCAWr7TQriM2IzgSOKlHqDUtQxppB2WxuE0of4WuekGNla_uw_bt9e2EZ_uXQ8NJUxNv-55tQxoWoc2Pl9ZnKWi8l9RCQHBLbDACqa3uY2RlNf4l4uciKJgGsCTL5sD88jaG9vOstZ67QjMFBovcqQjvsVvC-ntWSSZWleBPkZ-Jl7JCf5TEKLzwIfANGxKajgGig2LfRecwXbIa5J6hATsa66Zmw932acc9Hf3P5nstbga-z7yFMJYLhP0XVs1wBPxvkLxBykWHfH722zDHbLobWVrQWF_vQD_kwaYaxF94vCWhIyWGD38ndPHzsmquqxbHjktuAcZ5I_x0AYhQrCiUi7bSzya-C_dKPR3Ai3NBWnD4iaz85sA-1UrjIfvuw2Kb2-RuNZ4FnrFazbQqD4UgUl7rIFHKNNkHYljDN_16RU449fNaqZw7DYscnw4rdFL5PP55UY-WV9j-a4yco0ZibkM8eXjLEBXuwwRBi_-KhV97m0uwtFM_PGlH1TQvoS-iImQ27475s3INHl7T_TOxf2jVyxGap58RXzkTb0zGHHSji-lqk0hCBfZM8iJ3T0frSROM5z98g9QgWi-Gs1xs4uvxvhpsskWZ-Kw0Xp4oLsTsVmx0vIXVNzt7uPQYkofU8zzciGADRwJx95KA0DPXxqR2Vn0G8PbpZU42klt7Njl41p1DJucRx4d6_dHjpo_3V392OMS4sZf0BFSOOMYIXAiTbCdtDM_r2hEjN3RnG6eggEJi6GKfJpkyRKEV0BLwyj4PcBR-4-GOgTrDGNWmnI2QCOh17gyqwZmSsmxflJhidoafNMxNfMiSf-IyUuwhNVPJ4YfkfBx_hWT_3gXr2PVe9z99wmXHRuURirQK-xL3ehEyMVJ_vX45BtluZQSoYc6bb0Ljj-yUVSL2UfslB-IyuHtv26KvwQsyunUAeao-UpIAuairn27xFYbpZcllRj_RvZoUk2mMbgKEmNP0te3AI1pOgtOrCry1vmKYOH0P4rkUD85PHxpIXRTAahoIN--BW0hdFrW-euTloM0L9QhwNqhuD2g4nyslyIkkT9KXhYJpb1yeVI6t8wETsNrd0to5fNroNC18WX4YE5HvDU3csFY5_zHu0qCBlTyFnncOQEe9QyswuOyW_pLgeF-PcH9hm7UhSPXPhG34lqsZ_-k9fBsrdv4q5euvrmYwBrMdoKaodqekh7HSs8lQKb6UpE0Jouv2DWCNMJpOxlMDKPhD68_MPQMcrK3sHpq08ZIyag4Rh-QlXT9tZj04BX0X7KXHex7Ls75Dw7c5DRTW6hXKoEK35RxUFndGTgxowhrbd4iw1Wro5Unex-M0IxY5_snfUf130FrRLzLkJC91h6eCuz8PUHV_UobWedHgA0U8JLcPmsVlAwuUOz2mnIBQZq4LRiKS0qp5pu35CKqR8n-s9CzAaI4wqRzMN3YKFbF3fwlUglhyEA0cte6ARfQ5YxQGkT98B3_MxbOOKXNu8U39tASXqLxbvzaO1wL5FqD4pEdhNtz2VYTByKZQqNeq5yGFBux-AZrMo34QDCPZ7ozqpUappDp_lG4_dzsuYvwXmo-LxnjSajTu2FVhlDV2im241KB7v8M-pf1UeeSVs9VNa7pq-TjrX9jVyNkCM1rv-_MmnHIF2xQ0W9iKipzQjK_AV4MOKMeMnibg4NuR0yQvfhWKdTnK9K3SxCgM8JC_peKxEg8BuSgU1v0spk5D0OL2QFnPEXolt3Elf8jDxGPTqviKBwxC-4QN7Wdi-zU0nvToNsEiOMSDVlsr2pPPWzWBeVLGJKT3gUjd918oY6jxdn8lA7Y9-M5znBHK4t6pp963sKnsyzrf5_ZnbjII_mO3aC159YOl1FQ_E1DdgBt9Ak_qStMgTFUUoAQOKq-A_gkyY9rnn4pJxvtD2GgHauuFwt7S3DgqhYRswLp65HCtl5oYoT-zLDbdMH6UqucJV-sgDMlKzbL24XlNcx92TvPT3_ankRB3BrZYLJYeychm2JLPuR91reI1qRX4d7DXlv51WKqY5mOn4GXRuwHptVj_lD43mewvWWgRH_Y56R-ctxSBfvbU-n1d6qCKoaxkH2qkPA6_81wme65Q3zLlJmtXddM1jMoXaDgoVgJyf0JJe3WXfwLm2HMhlPcRXeCH8klsukYhA4emfkINtguH_c9YzRAblwIfDyoqCjXlkbndyN890pjfzRC8kLAHqcrtqW9EkVGQw4wTPpCKVA&cid=CAQSPADq26N9vXJHzCNyELhMhNGw4EpNbzxaAcXBIuT5RYAwHYs6yx7CFabnnwFUqxFMUKbAH6_WpAsmfFhsHBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fwww.proxysite.com%2F&ds=l&xdt=1&iif=1&cor=5399582600289340000&adk=2515327512&idt=118&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 18:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72907
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 18:10:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame BA95 30 KB
11 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 15:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82038
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 15:38:11 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame B479 36 KB
16 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73895
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame CB19 15 KB
16 KB 21ms
21ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 05:09:29 GMT
x-content-type-options: nosniff
age: 206160
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 05:09:29 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame CB19 15 KB
15 KB 22ms
21ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 13:14:53 GMT
x-content-type-options: nosniff
age: 177036
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 13:14:53 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BA95 41 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 07:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 199144
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 07:06:25 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 80B4 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17710
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 09:30:19 GMT
etag: 48472445140208031
expires: Mon, 12 Dec 2022 09:30:19 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame BA95 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62577c7ab6842378aaa990590fefcbbb50c7b4a2cd4f336483a4ebc884f6562e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 30A7 36 KB
16 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73895
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 63D1 22 KB
8 KB 23ms
23ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 66015
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 20:05:14 GMT
expires: Sun, 10 Dec 2023 20:05:14 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 80B4
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAs2rU_TJtFgv9aoTQZaxd8&google_cver=1&google_push=ASkJ3FZKSXJQYXyloB9AFAzS6FeUvdXmTs56UDdQBvxQKzdn0cV6pLhCytCAShSNHqpPzoVmkIulNXk6H2Kbv8um...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZKSXJQYXyloB9AFAzS6FeUvdXmTs56UDdQBvxQKzdn0cV6pLhCytCAShSNHqpPzoVmkIulNXk6H2Kbv8umjKc4iKxASRMEGw

170 B
188 B

34ms
34ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZKSXJQYXyloB9AFAzS6FeUvdXmTs56UDdQBvxQKzdn0cV6pLhCytCAShSNHqpPzoVmkIulNXk6H2Kbv8umjKc4iKxASRMEGw

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 11 Dec 2022 14:25:29 GMT
Server: MT3 180 1fd3e2d master cdg-pixel-x26 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ASkJ3FZKSXJQYXyloB9AFAzS6FeUvdXmTs56UDdQBvxQKzdn0cV6pLhCytCAShSNHqpPzoVmkIulNXk6H2Kbv8umjKc4iKxASRMEGw
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 11 Dec 2022 14:25:28 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 80B4
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESED7DtgzS8_Ia13BwVa8CAPc&google_cver=1&google_push=ASkJ3FYbfObBEt9wAsUM0ZtRZjyiV23EJsM7XFNfS_OEtER8ZQFdfjZ7DYKeoQfQ-kc8aX5WJCt7YBNw79D978...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NTg5NzA1MDI2NTg3NjYzMg%3D%3D&google_push=ASkJ3FYbfObBEt9wAsUM0ZtRZjyiV23EJsM7XFNfS_OEtER8ZQFdfjZ7DYKeoQfQ-kc8aX5WJCt7YBNw79D978LsQ-...

170 B
188 B

35ms
33ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NTg5NzA1MDI2NTg3NjYzMg%3D%3D&google_push=ASkJ3FYbfObBEt9wAsUM0ZtRZjyiV23EJsM7XFNfS_OEtER8ZQFdfjZ7DYKeoQfQ-kc8aX5WJCt7YBNw79D978LsQ-t569NbwG7l

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzE3NTg5NzA1MDI2NTg3NjYzMg%3D%3D&google_push=ASkJ3FYbfObBEt9wAsUM0ZtRZjyiV23EJsM7XFNfS_OEtER8ZQFdfjZ7DYKeoQfQ-kc8aX5WJCt7YBNw79D978LsQ-t569NbwG7l
Date: Sun, 11 Dec 2022 14:25:29 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 80B4
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESENEm6oLB-n73jV5WAsacq9w&google_cver=1&google_push=ASkJ3FaiN24xRjuuBXwyDcgmyO-bZvdApm4BoLiDZp5-cCleyE7oEUaAXnjFhbAZ1j-tQ_712cTTVN4z5cM6sgI4JzYt...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESENEm6oLB-n73jV5WAsacq9w&google_cver=1&google_push=ASkJ3FaiN24xRjuuBXwyDcgmyO-bZvdApm4BoLiDZp5-cCleyE7oEUaAXnjFhbAZ1j-tQ_712cTTVN4z5cM6sg...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ASkJ3FaiN24xRjuuBXwyDcgmyO-bZvdApm4BoLiDZp5-cCleyE7oEUaAXnjFhbAZ1j-tQ_712cTTVN4z5cM6sgI4JzYtsbUJu5vCKg&google_hm=-a1P3DxYT0KpfR4a7Ye0pA==

170 B
188 B

35ms
35ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ASkJ3FaiN24xRjuuBXwyDcgmyO-bZvdApm4BoLiDZp5-cCleyE7oEUaAXnjFhbAZ1j-tQ_712cTTVN4z5cM6sgI4JzYtsbUJu5vCKg&google_hm=-a1P3DxYT0KpfR4a7Ye0pA==

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ASkJ3FaiN24xRjuuBXwyDcgmyO-bZvdApm4BoLiDZp5-cCleyE7oEUaAXnjFhbAZ1j-tQ_712cTTVN4z5cM6sgI4JzYtsbUJu5vCKg&google_hm=-a1P3DxYT0KpfR4a7Ye0pA==
date: Sun, 11 Dec 2022 14:25:29 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 80B4
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGxnD0jyzQym2OuWTbxSh-w&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGxnD0jyzQym2OuWTbxSh-w&google_hm=Y5XoWK2wOEvh-w0FiCTXlQAAFGcAAAAB&google_nid=index&google_push=ASkJ3FYijQOXNlQJv9E4Ev7ZfZrJuunsjeTvr...

170 B
188 B

36ms
36ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGxnD0jyzQym2OuWTbxSh-w&google_hm=Y5XoWK2wOEvh-w0FiCTXlQAAFGcAAAAB&google_nid=index&google_push=ASkJ3FYijQOXNlQJv9E4Ev7ZfZrJuunsjeTvrV1nFnPeJvA2lzOmbKUCdalc8KhKorbInHX7bgQLuAukYylpSP2p_eGXrkiqFrfVPw

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2QJkN2JoOTxgYAeb5q3neX%2Fmz7vtjLc%2FdEAmg3c4G1vYTP6dkau8Nyy8%2F%2FpqZNcm7sVSHAVyKN8TuY8CzFyMSyNzmCeAUMfqalETVWMakBbZuF9420jEYnVUBRSJBx8Ea8mls1DHElUUGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGxnD0jyzQym2OuWTbxSh-w&google_hm=Y5XoWK2wOEvh-w0FiCTXlQAAFGcAAAAB&google_nid=index&google_push=ASkJ3FYijQOXNlQJv9E4Ev7ZfZrJuunsjeTvrV1nFnPeJvA2lzOmbKUCdalc8KhKorbInHX7bgQLuAukYylpSP2p_eGXrkiqFrfVPw
cache-control: no-cache
cf-ray: 777ee3d178099244-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 80B4
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEAJpf6g3jAfBnKVFnU83fks&google_cver=1&google_push=ASkJ3FZevnEZRPcGfxom1E2cLnUoFajvA7njslK0L_DuW3op446qEz2mikZ_VjwPSlSjcNDt7t5au4Rt5HH...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ASkJ3FZevnEZRPcGfxom1E2cLnUoFajvA7njslK0L_DuW3op446qEz2mikZ_VjwPSlSjcNDt7t5au4Rt5HHIkd7l9hr35ot9bazfuA
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

24ms
23ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 80B4
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESECaB9sCwi4CqN7p0MG_lzh4&google_cver=1&google_push=ASkJ3Fb090DW12yBN...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D&google_gid=CAESECaB9sCwi4CqN7p0MG_lzh4&google_cver=1&google_push=ASkJ3Fb090DW12yBNHp5ah9ujNWeahoLCT...

170 B
188 B

33ms
33ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D&google_gid=CAESECaB9sCwi4CqN7p0MG_lzh4&google_cver=1&google_push=ASkJ3Fb090DW12yBNHp5ah9ujNWeahoLCT890RlktsmrD6knFl6jF1GaJ3_HEjl5_k-8t84h-fB9dWFRn3EzUsVbpm94Y16r3REOdrQ

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 11 Dec 2022 14:25:29 GMT
AN-X-Request-Uuid: 06e175bf-9337-40a7-a4e6-80c6bfcf6dbc
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTkyMDcyOTU0NzY4Njk0MDI4Mg%3D%3D&google_gid=CAESECaB9sCwi4CqN7p0MG_lzh4&google_cver=1&google_push=ASkJ3Fb090DW12yBNHp5ah9ujNWeahoLCT890RlktsmrD6knFl6jF1GaJ3_HEjl5_k-8t84h-fB9dWFRn3EzUsVbpm94Y16r3REOdrQ
Connection: keep-alive
X-Proxy-Origin: 217.114.218.29; 217.114.218.29; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 80B4
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAPLye-XH...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAP...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f9ad4fdc-3c58-4f42-a97d-1e1aed87b4a4&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

80ms
80ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f9ad4fdc-3c58-4f42-a97d-1e1aed87b4a4&%%GOOGLE_PUSH_PAIR%%

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f9ad4fdc-3c58-4f42-a97d-1e1aed87b4a4&%%GOOGLE_PUSH_PAIR%%
date: Sun, 11 Dec 2022 14:25:29 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 80B4 0
12 B 32ms
30ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lni9mtHqwExusvS2_jTpELDfk-K6gOuUBGn8wnmK6uGq8pq9TuzcUrgmPP-qpieoNtBzWibC-c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:29 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 8 KB
2 KB 66ms
20ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66b1558ac7eb244e9a3905c93be0c89ea86e7fa53c084609d2cbd0af38a9d03b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 141357
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2528
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:09:32 GMT
expires: Sat, 09 Dec 2023 23:09:32 GMT
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BA95 0
0 116ms
71ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvLgPe0ckAW0PLOZDzcmfMTc_EqgvdYugpVDnQVU14CMqqzUp2Fje9rV00AXg5mrossynUvabWzECbcZPOs3mvDbs1emrDXXJuunq_X9JAOGF1Lc4zL4q5EBK93lpWVaYgV1YIOkguFRt1Qmmt1dj2m345Mxdzn0aTscuyf3hVn41hTzVads0M90hNU3jlug0L1sNKQt2-gapz7EV-Wr0qZHR8YfZywysiDypf3fvhrhR6awZCggVhTsxLZQV97LJ_yLuJSL3NeDsRheV5Kl9Enr89qPthIXmjDPyst_bbtW5b3F7wJVoDJFdscFWN5X3oTj3mWmhyUgn6SucNYKobDCjfQUSuCkjDRmj1KYxdbiOPuylqvaQb3sUzA-0u1HoDQ_36D3017g6zQu7ZFxScFLf_L6vW_cOm8Qf_c_eBSx_9RQCK2w8czNiH6yB45ffli3wwvs1YCR-6fzWbJ6f2wtWGHmOJbyAl71LoQfQxjhZcTSLFSEyJTLQyp1ilnIQFhEgNtNt6E3_Ak6tj1Q5jLHqtCcH-PD1ztwmnJ2dU-o1mo3kYgjkmX-fgmCWohOaiZ4kQx6DY2hD-u8i4SrIGR60sIVHf4JqQoMXC2_630hrSxyR0JOwqAP9VhVaRbQxoC2mm9YO5j0-D8BOywxYojBsaYyOka4c7mIEz5BxdZEBs6n84bXpR17zWlNkPab5-rU1_vIr9nGDbdfwkjsqlXZn7D7wdeNyxbOgTeIHlSMBoD9yj1V7yT6-Ktnf60O44x8j67ovq65XvstTHuFJ_-obUjuCWr3g-LhgZeYWo4kuH6Rx7PQ822C7KNNN0xka-CXvl-JDuYNP1-rF0jPsan60ZP7Ae2jQgre8q7mp_Fn2dX1NchuTbT53UW9-wcmgUr15p2XMM3Qj5czfDEZbHrBrEuqC_2Hdx6qzjCfkfgYmAyGHlSIcIg6XWZMjdkZI8-CeVc5juHWKf9nqzcJKk8_vO8SzKekvge3GAETyMiCQ9U32Pyh8xNZihlFsC5g81MtFENZF4BtTr1mIYbHSwfkMSH5mfxUQjRQ3ZptbaMP70Bss0QbRli3byWPp21nBwcy0fIvj9bA9XHP9bENL5LDhQMZYiU2o9EXyt_i5oPbVuSgMUufDJAJ3zyfC7Ysv_ki4yA2AzGtWaaQAyfPJU0GRN6J8v5vHR3pVMjRldz5e-XALpunSssi99LvBIIjH97cQlIEnMn_h38Rd7ZQDgknXf1eWMDDQpyL5Om8T2NQw&sai=AMfl-YRDvE7Nf-DjQpJVwiV6qQYaSbD5UTbkIcitVUN4SPYY28PauC2FIA20-aMXt1Wqku21BVcfQtwbo_i5lZyPGVozccFunXGnsf3tWtQUF2QarFxquuSR55JNAJpm5jWMfyJ2zJkqhT9q24d9AyDUkEoaakHivLXyzghKdzVQuim8lRUAf857nankALF_eFnOCRostUu4DEVDjIkDNCn6AY1wqxjhzIwKQoi1AhU5C9JbLLWDZx-MQzKMlAtV2sUlytxgNBALYY7Muw&sig=Cg0ArKJSzOQoDRbYCBdqEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=134&cbvp=1&cstd=131&cisv=r20221206.35015&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 11 Dec 2022 14:25:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 14:25:29 GMT

GET
H2 204 ad_impression.gif
beacon.krxd.net/ Frame BA95 0
338 B 201ms
45ms Image
text/plain 52.16.228.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/ad_impression.gif?confid=rvqai3tbe&advertiserid=8241072&campaignid=28936286&siteid=7876980&sitename=N755990.4455546APEX-DV360-CITRO&placementid=351732316&adid=%adid!&creativeid=181483021
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.16.228.49 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-228-49.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-served-by: beacon-n012-dub-prod.krxd.net
date: Sun, 11 Dec 2022 14:25:29 GMT
cache-control: private, no-cache, no-store
x-request-time: D=57 t=1670768729
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 63D1 36 KB
16 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73895
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 200 gsap_3.1.0_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D861 56 KB
22 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.1.0_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc487336acb3ea5ed2cc6ca09757137d612286c0ebb00587a997ecbea9053546

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22938
x-xss-protection: 0
last-modified: Fri, 24 Jan 2020 21:59:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 14:25:29 GMT

GET
H3 200 fond.jpg
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 48 KB
48 KB 23ms
20ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/fond.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02e3d57005d0c30f405619b147da27a7effddd542394133fb2894f2601a64333

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 17:24:00 GMT
x-content-type-options: nosniff
age: 421289
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48976
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Dec 2023 17:24:00 GMT

GET
H3 200 fond2.jpg
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 1021 B
1 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/fond2.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

202985ca3f8ce5e551a44bcc8a7a71a6fafed17404e528e1a1f542d5c53626e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 01:52:20 GMT
x-content-type-options: nosniff
age: 45189
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1021
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Dec 2023 01:52:20 GMT

GET
H3 200 c3.png
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 12 KB
12 KB 35ms
31ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/c3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48cfeda4ff32fb8ab9f17fdf3f2bd9ab8f9284760a5558850648df1593028688

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 13:31:11 GMT
x-content-type-options: nosniff
age: 262458
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12520
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Dec 2023 13:31:11 GMT

GET
H3 200 c3aircrosssuv.png
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 11 KB
11 KB 26ms
22ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/c3aircrosssuv.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d9cc24ecc01f0de3bc0285d6374f0c9010d57a935240cb1473111ca3d59fa2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 01:52:20 GMT
x-content-type-options: nosniff
age: 45189
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11543
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Dec 2023 01:52:20 GMT

GET
H3 200 hl.png
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 3 KB
3 KB 34ms
30ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/hl.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e7333ca7696bf20689cd8af457de687912a3347105bef454c0a77ea1a2b095a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 03:33:55 GMT
x-content-type-options: nosniff
age: 125494
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2702
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 03:33:55 GMT

GET
H3 200 txt1.png
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 3 KB
3 KB 30ms
26ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/txt1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1debe1e27f1a6ac70dc16b567b8fc30b0f8f6745a1087c3a812361015a04114f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 17:23:00 GMT
x-content-type-options: nosniff
age: 162149
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3502
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 17:23:00 GMT

GET
H3 200 hl2.png
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 2 KB
2 KB 29ms
26ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/hl2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48eccc6d8b9e5c5abf2bb3acf2f14d8d4441494aeb8d946ade932936d99eb277

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:08:42 GMT
x-content-type-options: nosniff
age: 227807
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2273
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Dec 2023 23:08:42 GMT

GET
H3 200 txt2.png
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 4 KB
4 KB 28ms
25ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/txt2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c6a70064fa2361b572150355e5eb5b94d38830baffdea37e51ef165ca0552a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 09:42:23 GMT
x-content-type-options: nosniff
age: 189786
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3632
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 09:42:23 GMT

GET
H3 200 offer.png
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 6 KB
6 KB 26ms
24ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/offer.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10e98d7e5fc5e5594ecb68aebc7393499b69612528901ea2c69e65b2e4cad1d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 01:21:21 GMT
x-content-type-options: nosniff
age: 133448
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5993
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Dec 2023 01:21:21 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 3 KB
3 KB 25ms
23ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c22c9e572650a65e02f3b7e509f1f1b999c2fe55aedd77d32bb72250765fca2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 13:31:11 GMT
x-content-type-options: nosniff
age: 262458
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2932
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Dec 2023 13:31:11 GMT

GET
H3 200 logo_citroen.svg
s0.2mdn.net/sadbundle/17814218739588843596/ Frame D861 4 KB
2 KB 32ms
30ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17814218739588843596/logo_citroen.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2326136d77ad94b2a003717cb9ab385e457d1762954f9bb521157b570656690

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17814218739588843596/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:09:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 141356
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 14:02:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Dec 2023 23:09:33 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame BA95
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1221565/67009940/4.js?adContainerId=brand_safety_WeiVY4KwIua7x_APp5qq8Ac&cbFunctionName=goog_wrapCb_WeiVY4KwIua7x_APp5qq8Ac&true_pb=&adsafe_pb=https%3A%2F%2Fst...
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_WeiVY4KwIua7x_APp5qq8Ac&cbFunctionName=goog_wrapCb_WeiVY4KwIua7x_APp5qq8Ac&true_pb=

1 KB
1 KB

72ms
33ms

Script
application/javascript

2600:9000:2127:5400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_WeiVY4KwIua7x_APp5qq8Ac&cbFunctionName=goog_wrapCb_WeiVY4KwIua7x_APp5qq8Ac&true_pb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
Protocol: H2
Server: 2600:9000:2127:5400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 14:12:15 GMT
x-amz-version-id: TygnAIDVk51RE3D9bQXOkCWfuq1.1a5K
content-encoding: gzip
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 346396
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Wed, 07 Dec 2022 14:11:45 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: MHpwMZoK2QTNiePDpAiI5XUloiamWy7L6bD9fx-WaupcVDNlrC9gTg==

Redirect headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
server: nginx
x-server-name: app03.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_WeiVY4KwIua7x_APp5qq8Ac&cbFunctionName=goog_wrapCb_WeiVY4KwIua7x_APp5qq8Ac&true_pb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame F431 91 KB
23 KB 112ms
30ms Script
application/javascript 2600:9000:2127:5400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:5400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 01:04:21 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 2294470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: fnF80jkuDPRzkqyBZ-AevMJ9X-aAroVlNpNQdNdtVtJh1U-HWdQJOw==

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BA95 0
0 60ms
59ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvLgPe0ckAW0PLOZDzcmfMTc_EqgvdYugpVDnQVU14CMqqzUp2Fje9rV00AXg5mrossynUvabWzECbcZPOs3mvDbs1emrDXXJuunq_X9JAOGF1Lc4zL4q5EBK93lpWVaYgV1YIOkguFRt1Qmmt1dj2m345Mxdzn0aTscuyf3hVn41hTzVads0M90hNU3jlug0L1sNKQt2-gapz7EV-Wr0qZHR8YfZywysiDypf3fvhrhR6awZCggVhTsxLZQV97LJ_yLuJSL3NeDsRheV5Kl9Enr89qPthIXmjDPyst_bbtW5b3F7wJVoDJFdscFWN5X3oTj3mWmhyUgn6SucNYKobDCjfQUSuCkjDRmj1KYxdbiOPuylqvaQb3sUzA-0u1HoDQ_36D3017g6zQu7ZFxScFLf_L6vW_cOm8Qf_c_eBSx_9RQCK2w8czNiH6yB45ffli3wwvs1YCR-6fzWbJ6f2wtWGHmOJbyAl71LoQfQxjhZcTSLFSEyJTLQyp1ilnIQFhEgNtNt6E3_Ak6tj1Q5jLHqtCcH-PD1ztwmnJ2dU-o1mo3kYgjkmX-fgmCWohOaiZ4kQx6DY2hD-u8i4SrIGR60sIVHf4JqQoMXC2_630hrSxyR0JOwqAP9VhVaRbQxoC2mm9YO5j0-D8BOywxYojBsaYyOka4c7mIEz5BxdZEBs6n84bXpR17zWlNkPab5-rU1_vIr9nGDbdfwkjsqlXZn7D7wdeNyxbOgTeIHlSMBoD9yj1V7yT6-Ktnf60O44x8j67ovq65XvstTHuFJ_-obUjuCWr3g-LhgZeYWo4kuH6Rx7PQ822C7KNNN0xka-CXvl-JDuYNP1-rF0jPsan60ZP7Ae2jQgre8q7mp_Fn2dX1NchuTbT53UW9-wcmgUr15p2XMM3Qj5czfDEZbHrBrEuqC_2Hdx6qzjCfkfgYmAyGHlSIcIg6XWZMjdkZI8-CeVc5juHWKf9nqzcJKk8_vO8SzKekvge3GAETyMiCQ9U32Pyh8xNZihlFsC5g81MtFENZF4BtTr1mIYbHSwfkMSH5mfxUQjRQ3ZptbaMP70Bss0QbRli3byWPp21nBwcy0fIvj9bA9XHP9bENL5LDhQMZYiU2o9EXyt_i5oPbVuSgMUufDJAJ3zyfC7Ysv_ki4yA2AzGtWaaQAyfPJU0GRN6J8v5vHR3pVMjRldz5e-XALpunSssi99LvBIIjH97cQlIEnMn_h38Rd7ZQDgknXf1eWMDDQpyL5Om8T2NQw&sai=AMfl-YRDvE7Nf-DjQpJVwiV6qQYaSbD5UTbkIcitVUN4SPYY28PauC2FIA20-aMXt1Wqku21BVcfQtwbo_i5lZyPGVozccFunXGnsf3tWtQUF2QarFxquuSR55JNAJpm5jWMfyJ2zJkqhT9q24d9AyDUkEoaakHivLXyzghKdzVQuim8lRUAf857nankALF_eFnOCRostUu4DEVDjIkDNCn6AY1wqxjhzIwKQoi1AhU5C9JbLLWDZx-MQzKMlAtV2sUlytxgNBALYY7Muw&sig=Cg0ArKJSzOQoDRbYCBdqEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=357&vt=11&dtpt=223&dett=3&cstd=131&cisv=r20221206.35015&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Dec 2022 14:25:30 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BA95 43 B
215 B 378ms
117ms Image
image/gif 2600:1f18:1aca:4281:c410:d4b:3343:fab
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1221565&asId=2fe4e827-9808-3783-bd3e-91f365b3dc31&tv=%7Bc:wuWHgf,pingTime:-3,time:72,type:v,im:%7Bpci:%7Btdr:36%7D%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:19%7D,%7Bpiv:-1,vs:n,r:,t:68%7D,%7Bpiv:0,vs:o,r:l,t:71%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:72,n:3,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B63~0%5D,as:%5B63~728.90%5D%7D%7D,%7Bsl:n,t:68,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B4~1,0~0%5D,as:%5B4~728.90%5D%7D%7D,%7Bsl:o,t:71,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B0~0%5D,as:%5B0~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tpIzk1d+11%7C12%7C13%7C14%7C151%7C161%7C171%7C172%7C18%7C19%7C1a%7C1b1%7C1b2%7C1c1*.1221565-67009940%7C1c11%7C1c12%7C1c131%7C1c14%7C1d1%7C1d2%7C1e1,idMap:1c1*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:20%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:c410:d4b:3343:fab Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
server: nginx
x-server-name: dt22.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BA95 43 B
215 B 371ms
113ms Image
image/gif 2600:1f18:1aca:4281:c410:d4b:3343:fab
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1221565&asId=2fe4e827-9808-3783-bd3e-91f365b3dc31&tv=%7Bc:wuWHgg,pingTime:-6,time:73,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:74,n:3,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B63~0%5D,as:%5B63~728.90%5D%7D%7D,%7Bsl:n,t:68,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B4~1,0~0%5D,as:%5B4~728.90%5D%7D%7D,%7Bsl:o,t:71,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2~0%5D,as:%5B2~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tpIzk1d+11%7C12%7C13%7C14%7C151%7C161%7C171%7C172%7C18%7C19%7C1a%7C1b1%7C1b2%7C1c1*.1221565-67009940%7C1c11%7C1c12%7C1c131%7C1c14%7C1d1%7C1d2%7C1e1,idMap:1c1*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:20%7D&tpiLookup=ao:www.proxysite.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:c410:d4b:3343:fab Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
server: nginx
x-server-name: dt25.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BA95 43 B
215 B 363ms
113ms Image
image/gif 2600:1f18:1aca:4281:c410:d4b:3343:fab
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1221565&asId=2fe4e827-9808-3783-bd3e-91f365b3dc31&tv=%7Bc:wuWHgr,pingTime:-2,time:84,type:a,im:%7Bsf:0,pom:1,prf:%7BmdA:257,mdZ:557,beA:570,beZ:571,mfA:572,cmA:573,inA:574,inZ:576,prA:577,prZ:583,si:589,poA:591,poZ:611,cmZ:611,mfZ:611,loA:643,loZ:645,ltA:653,ltZ:653%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:19%7D,%7Bpiv:-1,vs:n,r:,t:68%7D,%7Bpiv:0,vs:o,r:l,t:71%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:84,n:3,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B63~0%5D,as:%5B63~728.90%5D%7D%7D,%7Bsl:n,t:68,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B4~1,0~0%5D,as:%5B4~728.90%5D%7D%7D,%7Bsl:o,t:71,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B12~0%5D,as:%5B12~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tpIzk1d+11%7C12%7C13%7C14%7C151%7C161%7C171%7C172%7C18%7C19%7C1a%7C1b1%7C1b2%7C1c1*.1221565-67009940%7C1c11%7C1c12%7C1c131%7C1c14%7C1d1%7C1d2%7C1e1,idMap:1c1*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:20,sinceFw:62,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:c410:d4b:3343:fab Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
server: nginx
x-server-name: dt24.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63D1 0
20 B 173ms
173ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BG6y5WeiVY4KwIua7x_APp5qq8AcAAAAAOAHgBAI&bg=!s7ClsPTNAAYgquz3AKo7ACkAdvg8WqZhDFRy2PSDu2o1VwymIrZAlGv2dJNsoaLahMDNB6Qm2UHUAwIAAACcUgAAAAJoAQeZAvjWbVZCEDmB-w-GHyN4iYBOtceB6nYIX74R-bCclfsNcuRnPsNcMS8T-8butw9Zy0tRedKRwHNftJzYiDuB2PCYZeCOOKOixOyVrPuKSZMQibYhX2gzU4tMhD6j8A1jb_3eYHg88VeYGyGdyvWhpB04MY6shDHSY2yOaqsJsoOnYcghuGxYmv3ZxtdZVIEAtl8M9jY-rOFBOAaI9w52n4f260tWSjeGz3X7YlnJLBKg6RxUnbwZH6pzUVsr6yKwOBI1rcT_Uu0qXAWT39dHDmlbRqt0neV7ZL6ktzJueaxiIQxcdIi03xP6JI6yjIJ657_p0u5WVZvhb_TSQ_dDAVybD_aInVCexIEeGAldnI1tbUa-82tpDGaHv1mjGzt3KI6oRvqyP6CGIbfBethi4mozrw-q46qmqLOY04abd-FqDpAuPx4HW9o5SjqOrB0UjmHri8H5qPwwUXVhzl6Kdl7io9u7aTyCc8YZoAebbFgfi_xJnLDAdF5-F2DHsuVYdqJg4hK4Ng7zqxau2kwNZIkMpIynVe_i5FzFgr3bQIU8AgKFmKO2V6TLEItVtP-RTeUWiHi57A8vlW9OM-hX2HsiOAcTn2uBRsyy3joAC6beDg2gqaf__t0iNNp4A34QlqXkkcVBHcjl3J0_so1Ja_LoEdV8k74npgPHCpznBIQihx8fvcj63s8lnC8cEwae1uN84pElmtjkGBryAPwzGN-VtO7UVDvpcfeQkA6hRCr78ntqWz3iKJi0IjUsxhjK-ygr094OyXrSS7ldvARGYTQiTWsGmvTQyMOnWgivQL6Os0KltczOsLva22B4esL64txGDefA6P-vaR7pJjQXogsvYBgyM71QohMtGw2EgphPC_co6iAQKaQxxmPca1i3omyymDM5PGtDq7Ue3E4xFODH19MJAZGMROFN-n_fkMOn7g3LameCXfqlpFL-nafWbz8q0WWR5tnBdDKvenXQOu3HRAX4VsDar3q2XcQc4v-m7zlp5bDDWC15

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FFDB 42 B
64 B 217ms
173ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvvpOyRCE0H3yfgP4ZoINiKPCDWUjob4PMbZCh8lHBH99vIn02gzhQuHPfYi-v2v1d8Rqw0infPEVwcwWkjcusmjRJTcxQd0YkiwYLSRMdNogGv6S7JIvoDsjBZ6z6Mjhrww_Tqig&sai=AMfl-YSHcIAkY-XR-OYlGmEDN_4jMsVqGYGB1gYDrU9VmHkrwt-PlrRch002ziULLuc4eq4uNTsk70eRCxDa8yI&sig=Cg0ArKJSzJdYGPUT7da8EAE&cid=CAQSGwDq26N9Y-UDP1r_jAVKQj_fuEOBG8y0PbpT8BgBIBM&id=lidar2&mcvt=1000&p=0,0,280,990&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=523175106&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670768727843&rpt=1241&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BA95 0
20 B 164ms
164ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=pvtw&eid=WeiVY4KwIua7x_APp5qq8Ac&p=ias&bl=0&twt=471&st=355

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BA95 43 B
216 B 263ms
112ms Image
image/gif 2600:1f18:1aca:4281:c410:d4b:3343:fab
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1221565&asId=2fe4e827-9808-3783-bd3e-91f365b3dc31&tv=%7Bc:wuWHi1,time:182,type:e,im:%7Bimprf:%7Bttecl:470,ecd:135,tsecr:2%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:182,n:3,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B63~0%5D,as:%5B63~728.90%5D%7D%7D,%7Bsl:n,t:68,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B4~1,0~0%5D,as:%5B4~728.90%5D%7D%7D,%7Bsl:o,t:71,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B111~0%5D,as:%5B111~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tpIzk1d+11%7C12%7C13%7C14%7C151%7C161%7C171%7C172%7C18%7C19%7C1a%7C1b1%7C1b2%7C1c1*.1221565-67009940%7C1c11%7C1c12%7C1c131%7C1c14%7C1d1%7C1d2%7C1e1,idMap:1c1*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:20,sis:157%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:c410:d4b:3343:fab Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
server: nginx
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0611 42 B
64 B 171ms
171ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvyoSfTOwk563ID9n2a5YOmfUd9xVUYa49SNupT7M-Yk2TE9gJT-rXHqY67ih6paRA58qrY1897HSPTyir4sDIEYLqnGxDRsJHhZu0cKPknB3PBR6nAwDGpxuTs7GqLadh7eQXKEw&sai=AMfl-YQtahjF4Iv6Q_JeSvCF3MYFGJSHZa30CumVdg3k4oT3DSCqFuYW45uMhsqzH5pgTO3jxT1CyZtR2_XrlRo&sig=Cg0ArKJSzGo7qmKmfMdLEAE&cid=CAQSGwDq26N9mZtG2s6RD4Zcg_KGNELdI5sGPMh_sRgBIBM&id=lidar2&mcvt=1000&p=0,0,280,990&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3927345067&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670768727831&rpt=1353&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 66BB 42 B
64 B 172ms
171ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss5r2Int0-zh9PIcnXukt8j5DzOnWXRbWA8EpDhrBOlfloSXEMobk9UTE7qo6t7vs3JA1Op4AipXNpd69MkJfsCJ5D7PrGcHDw0TB7n9yVBe5GH5gskqC2I5YfledMVz2XA4D4Rnr23nB7ZNSHNbT0-e4Fm6A9Qfq8D4VqtRqBvZDskVSergEOYh5rqAktI7BMoanSKCak_Ppu1UGcB5dAe26BTqVA8Mj9QqMgP8V6Q_Q47C9afIasnvLURFtkp5wqnEkdacJoeoRI3046kOZtqDefGB71pnoeRMroU6VTiM_nH50ku0zC780zORtMkpEh1RUPkSJxualY8eYOtTiIYRGl1UO18lnt6mJIRSEb8WgElynP0jVv6JlSqpmsDjc_uGnzjvDBQ_F77W77Osybo5zMutPKCOVVamtMDs7tRVEHKB3oXzOH35CsTKDZHW4ig6sPMj82_m3Cx5KLnfZSuo8phz4nMvvuV2iOW4c3KszQ3SkqIYFUz2bgT-yhcqbynP92NMUp3gKmvbvzrtzQ00mrNHj14b9tK0yBcgXj8f27B2nRNdKuqPaD6tbmcY_R2_qVcH1VLqOm6Z3G1payXzOuLe49M3XhrTQeRFnkYsKm-5efb07RkHX107jxbn5aZiTaLvWbgT783CF-R0O6XAm96TVAUeETYePigHSZXqLJPCfcmnTIh0LrCShACTIIZAiZYoszrwDvplErf4QfZKYYkWVEC2jBdKR0Jt0OA_9U_wxkbUHOV-Ks6WcY7rb3-ahv_KRXlxk9898C3LiGjfUFv4t0PNhUUg55WoQz5P0r3TU2wLYMZ_i3uKe6vQ_vtGv0lHMMD9USxnxMILvGyKdkZ61l_A1r_CAG_Zj3biQqUPrTBExqG4Qm2-d4CsVE6S74R2vXbOIEKQcfbXV3xU4PtNFkAM0EsmYtw5pX0fze4fVxqk336l4WIgOuNZ1CsiexjIo7MJgSV1-qx1cGEOhy19OE-KKAIrNxnSewPUJ7IQ6qH7YjUn5y0O4B4m0522ZxUXbbr&sai=AMfl-YSrhAMAACRQcANckQYv-N43D-WBNuvHYad5gxa72BNyoX6fyp2P4mYOVsp1lTSwyUG-6BQ8G4t6T1zDgHpAOH_MW5FbYeHi5Jei&sig=Cg0ArKJSzGbwWt4YjfZ3EAE&cid=CAQSGwDq26N9CQb7aYs3KK0RptG9AuAcc3LO_SYzSBgBIBM&id=lidar2&mcvt=1010&p=0,0,124,1005&mtos=94,731,1010,1070,1200&tos=94,637,279,60,130&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670768728988&rpt=187&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BA95 43 B
215 B 113ms
113ms Image
image/gif 2600:1f18:1aca:4281:c410:d4b:3343:fab
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1221565&asId=2fe4e827-9808-3783-bd3e-91f365b3dc31&tv=%7Bc:wuWHmh,pingTime:-10,time:446,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA4LjAuNTM1OS45OCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000022202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1670768730400%7C%7Ce0724787632892d40a8acf6799fb3163%7C%7C0de43d4db49fea79bddae584752a1e87%7C%7Ce8893fe9d71c9cced72c854f9d7e8d14%7C%7Cecb97ef88298cbfb2bf3fa4d46c57fb2%7C%7C4272ed0ef142baab33c1ed50c90d54d9%7C%7C2184215d595c68656abdc00479be9788%7C%7Ca99c5c4599620e766de5132f65967ae4%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670768728&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670768728840&bpp=1&bdt=1819&idt=-M&shv=r20221206&mjsv=m202211300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9974f73a7d7fc9ea-22229222f8d90083%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA&gpic=UID%3D000008cfef0b5c10%3AT%3D1670768727%3ART%3D1670768727%3AS%3DALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=2501798545303&frm=20&pv=1&ga_vid=671281270.1670768728&ga_sid=1670768728&ga_hid=1375545885&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31071113&oid=2&psts=AMjMPc1kKen03pWJkshsZ6rZ0Q8oTKYrRm-SpvysWWnuHOgGsN9YRJtUXolh6xAzxzEucqna9BmVNJHY8LIC2NmScQ%2CAMjMPc0I3ld4HW-DXgvzJDV0ARG7oRlrAJPTmNwmQiGODOG2BboYJ2HkgdzzTse-dfEajKCyxZtpBaw5JEl3b8ZA5Q&pvsid=3484705495856268&tmod=1359884314&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=kuqsttf6Jj&p=https%3A//www.proxysite.com&dtd=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:c410:d4b:3343:fab Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:30 GMT
server: nginx
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 71ms
71ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221206&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48f28a2fc278b68b8b344d6e3dfc6a32320566d6af6607b170c5f54c9069f18a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11186
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Dec 2022 14:25:30 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B27D 13 KB
5 KB 22ms
21ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 538
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 14:16:32 GMT
expires: Mon, 11 Dec 2023 14:16:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7FF0 783 B
534 B 30ms
29ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

45cb6887f7ac406e72155fd288b42fe56f578cb8c79199a73b17775541d6129c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-U5H6vaYoquouY0vuq-Zi4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-U5H6vaYoquouY0vuq-Zi4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 11 Dec 2022 14:25:30 GMT
expires: Sun, 11 Dec 2022 14:25:30 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7FF0 0
0 164ms
164ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221206&jk=3484705495856268&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame B27D 36 KB
16 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 17:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73896
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 10 Dec 2023 17:53:54 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B27D 0
11 B 21ms
20ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Ubu0qA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sun, 11 Dec 2022 14:25:30 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 172ms
172ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221206&jk=3484705495856268&bg=!ExClEFTNAAYgquz3AKo7ACkAdvg8WvvuyqtDsm5y-NWqtkZ7lxYna3_dsNNOiN_EUHtJGqO9jeJKygIAAABLUgAAAAVoAQcKAMoJ7SMF2VAoahSd2uyJiPXHel0lFJikmhYvndkIhZd0RRVOa65rKPjAxL-43GZ_JpBIfGfIT0PiRRkC5H6oj_MGrxHdHcW1B9dazns58D-839sZKyrZ31zitQYh2FB7Ggp3chchwgZkRzpJi_5fMWWJRgCKMsU4Lys21OWppeaNrCzZ72-7dFGPUui92PS1TrPzgs8X1GYthyJqhipNKYxySbhErowVgXFS4yc63dMwyYBoJDZOsJaswpHWHpCnCdTKgnH88vWlbUjNmQKZwFCQAxQMpnEfPL3hXeWe6U1TrQK5WJOQKsebn6eSD2_U6MlOMR9oSRiCANsA2QajF0EbsoQo7rUJGJJnfGN_unQcODMHJpV0OHGRvo74-vSIRrU4AQ_ZOXFgZrWZukFuBzp1GYywSy3aG3Q701j1ZJhFToRE6VxVBaiG8HMXeCin5Fs3htzKTKRNbQxsVWAdwQYIed8l-oxAd41GWux5yR3mYos5edIQ0a24C3BueHA-Z71CKkHPXJY6-BB2nJYzxFLhUK-zU3T5GobWCirnd-vtxiaMzDXlIvagep-tSpyzK2RRNrmiJSPJdW9CBKEIxDgm94MPtv7nI7rQlNQtoGZgfQjS5dgaTVrz7KFS2RovSY_UhNNonGZz4Y1S3NLZY_FBG2IgWlck5VfU4kOdj_jllyeJKWXaCytce7HGssQfdhL5GqgPxbRiY0UEFQ9IH5b0oElikVD3P4ofrhE4YD1QLvw-M1rKnUbLVi3ap5cL8NQGaqWqN3louuNCKH7fHrUyoQTx1hc18YBkkXV21mn3GvdxCAvTThcen6oLLUNI1gICBZ6aGsDyDuq7eaCrZeADO-TSL1RCJfo1qVSUIkKQ3Hl9Rthb6qDbagU0oWPl6Mczgthi1LEcXKxN0vIh-YeOHBvnZZCcpR3wueCSe0Akc5lQZ14r8vQc_SS57PZ4JKx6cYqQF7FfyELo5RANWmlnghHGldasvVRPgpXszl0id-eWFOz2Ddgw1nZD2f7DohaLBTU6JQ2_5SDPWTVxiCFT5yXbMT0YD_TkFVH_5mPi1456bzDoV9c4ylsOVrj0bAlU17CDviaCYuw9yWQWv9qkwUYy_2ByHYezOhHAg3HlNXOJFDp74u7J9rJvJJEeHXhDzmnAsjk
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BA95 0
20 B 164ms
164ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6201223683981&version=m202209210101&ct=76&x=1&cor=5399582600289340000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Dec 2022 14:25:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

33 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
us8.proxysite.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: e4sefa6u4mh8f02c5v84kj83qn
www.proxysite.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 0asrddvnngusdiaoddgasibi47
www.proxysite.com/	1970-01-20 16:51:44	Name: hl Value: en
www.proxysite.com/	1970-01-20 08:16:13	Name: AWSALB Value: Goc6E4zCm9ECKt+tWgQcqEku/X60NmayecfuwPC+AHx+YYhLRWugTi+V77eNzz8upVjn6ooGv6gB/ptgrLjoRO8//gEIQVEF8990Jo7cftn1BV7JlRqEeL/KzZA0
www.proxysite.com/	1970-01-20 08:16:13	Name: AWSALBCORS Value: Goc6E4zCm9ECKt+tWgQcqEku/X60NmayecfuwPC+AHx+YYhLRWugTi+V77eNzz8upVjn6ooGv6gB/ptgrLjoRO8//gEIQVEF8990Jo7cftn1BV7JlRqEeL/KzZA0
.proxysite.com/	1970-01-20 17:42:08	Name: _ga Value: GA1.2.671281270.1670768728
.proxysite.com/	1970-01-20 08:07:35	Name: _gid Value: GA1.2.2000957023.1670768728
.proxysite.com/	1970-01-20 08:06:08	Name: _gat Value: 1
.proxysite.com/	1970-01-20 17:27:44	Name: __gads Value: ID=9974f73a7d7fc9ea-22229222f8d90083:T=1670768727:RT=1670768727:S=ALNI_MYrXuqeUuI31-tT-H5NV5MvhajOSA
.proxysite.com/	1970-01-20 17:27:44	Name: __gpi Value: UID=000008cfef0b5c10:T=1670768727:RT=1670768727:S=ALNI_MbD0yBJo1zbKOLkGif47KESL0qrJQ
.doubleclick.net/	1970-01-20 17:27:44	Name: IDE Value: AHWqTUmJwjvmmZxPSYhcE-tpKu3ZMtZbXKeXjUoqtIgAa0znll7bnmgF2l4yN5Z0ec8
.casalemedia.com/	1970-01-20 16:51:44	Name: CMID Value: Y5XoWK2wOEvh.w0FiCTXlQAA
.casalemedia.com/	1970-01-20 10:15:44	Name: CMPS Value: 5223
.casalemedia.com/	1970-01-20 10:15:44	Name: CMPRO Value: 5223
.adnxs.com/	1970-01-20 10:15:44	Name: uuid2 Value: 5920729547686940282
.adnxs.com/	1970-01-20 10:15:44	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTsnZO-0!]tc58i_iqf!oN/@E'zz<Z0QS'cjY9IguB7XJ6V>o<TY2<w?fGjtZSXzrTD._PlZ[C[-kX-4-VON
.travelaudience.com/	1970-01-20 17:36:23	Name: _tracker Value: %7B%22UUID%22%3A%221A3F2047-FFBF-4DBE-8D3D-FD411A612E6C%22%7D
.simpli.fi/	1970-01-20 16:53:11	Name: suid Value: 099162268B924AF1A259FA479226C48A
.adform.net/	1970-01-20 08:50:47	Name: C Value: 1
.w55c.net/	1970-01-20 17:36:23	Name: wfivefivec Value: 1Yt9rPJc1P4ngJ5
.w55c.net/	1970-01-20 08:49:20	Name: matchgoogle Value: 5
.adform.net/	1970-01-20 09:32:32	Name: uid Value: 2726030933229443243
.yahoo.com/	1970-01-20 16:52:06	Name: A3 Value: d=AQABBFnolWMCEH8iaTpOmxP8W-C2WXJPkYIFEgEBAQE5l2OfYwAAAAAA_eMAAA&S=AQAAAt0V9FoW2S2XpKt3Lu-dMO8
.bidswitch.net/	1970-01-20 16:51:44	Name: c Value: 1670768729
.bidswitch.net/	1970-01-20 16:51:44	Name: tuuid_lu Value: 1670768729
.bidswitch.net/	1970-01-20 16:51:44	Name: tuuid Value: f9ad4fdc-3c58-4f42-a97d-1e1aed87b4a4
.adfarm1.adition.com/	1970-01-20 10:15:44	Name: UserID1 Value: 7175897050265876632
.bidswitch.net/	1970-01-20 08:06:09	Name: google_push Value: ASkJ3FaiN24xRjuuBXwyDcgmyO-bZvdApm4BoLiDZp5-cCleyE7oEUaAXnjFhbAZ1j-tQ_712cTTVN4z5cM6sgI4JzYtsbUJu5vCKg
.casalemedia.com/	1970-01-20 10:15:44	Name: CMTS Value: 5221
.innovid.com/	1970-01-20 10:15:44	Name: uuid Value: 2576219a-770f-472d-9ee9-1f419884c353-20221211 09:25:29
.mathtag.com/	1970-01-20 08:49:20	Name: mt_mop Value: 4:1670768729
.mathtag.com/	1970-01-20 17:32:03	Name: uuid Value: a8f46395-e859-4b00-80c4-c64cca0d0f52
.krxd.net/	1970-01-20 12:25:20	Name: _kuid_ Value: PQGNMAP0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.travelaudience.com
adservice.google.com
adservice.google.de
ag.innovid.com
beacon.krxd.net
c1.adform.net
cm.g.doubleclick.net
connect.facebook.net
dclk-match.dotomi.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
match.adsrvr.org
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
platform.twitter.com
pm.w55c.net
pr-bh.ybp.yahoo.com
s0.2mdn.net
secure.adnxs.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.xx.fbcdn.net
sync.mathtag.com
syndication.twitter.com
tpc.googlesyndication.com
um.simpli.fi
us8.proxysite.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.proxysite.com
x.bidswitch.net
104.18.33.19
104.244.42.200
107.23.216.46
142.250.186.98
185.29.134.244
185.80.39.216
185.89.210.122
185.89.210.82
216.58.212.130
2600:1f18:1aca:4281:c410:d4b:3343:fab
2600:9000:2127:5400:8:48e:53c0:93a1
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:800::2003
2a00:1450:4001:801::2002
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:812::2004
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2006
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2003
2a00:1450:4001:831::200a
2a02:fa8:8806:12::1400
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:d018:d29:3605:6c4b:f51b:1183:ef60
2a05:d01c:1d8:8102:1f82:7aa0:f039:aca9
3.33.220.150
3.68.131.166
35.190.0.66
35.204.74.118
37.157.6.253
51.89.9.252
52.16.228.49
52.58.96.67
54.171.34.240
68.235.61.75
69.173.144.139
85.114.159.118
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
02e3d57005d0c30f405619b147da27a7effddd542394133fb2894f2601a64333
0316ac8210f8ed0c0f0c33ae67ab42dc5753840020a5a73841b0ca867c308cd2
036a97f58ae41233cce615d76fb5511d15d9db41201bae08f0099eeb07faec28
0809dce74d140cdb75918db36517dfca9fee927aa704fd47ee48432aee8986b5
099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38
0ac9094e17f405afb1a4cb915170e1051a048db8597a64460222f03fab4dcc76
0ad3fda2b881715e85727f4f39c1769fe64940508a2b851a8f516db084427bc7
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c6a70064fa2361b572150355e5eb5b94d38830baffdea37e51ef165ca0552a8
10e98d7e5fc5e5594ecb68aebc7393499b69612528901ea2c69e65b2e4cad1d8
11448dd68e1fa25fb7241c12b37761a28bb828c8b2fd1df0a8713b7a75e4708e
11fa6b5a669c5ce3c47f4b4163de4630ad546255a544643a5822ef0bc71a1417
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1debe1e27f1a6ac70dc16b567b8fc30b0f8f6745a1087c3a812361015a04114f
202985ca3f8ce5e551a44bcc8a7a71a6fafed17404e528e1a1f542d5c53626e3
22d52950042f336fa4fb44060b0591eba74da449d2442ffdb347c6a0a92df98a
236dca679b9983d1fbea0415d584b17d80f1c6942506fc508a5384db924e8795
24c0b35e55ea0b3943ac09f528678664df90fa96bc337f0580ec4e5f639b7d50
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
2d9cc24ecc01f0de3bc0285d6374f0c9010d57a935240cb1473111ca3d59fa2a
2f1513a46b73f5ada51bafe9acd73abc1489f912de163236e4b6480a8311fb18
3124f8c3554864904bc2587cdd296da9f581cb26dee63a1fbff8382464115340
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
35d4a453929aeb9cb4ca18e20087e72d2b251d050a6a7ec20931c152049d341f
3cee69d07c93d87ecbb03f206ddb86c9d4ba12638a18ed177de725be2eb8333a
403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45cb6887f7ac406e72155fd288b42fe56f578cb8c79199a73b17775541d6129c
48cfeda4ff32fb8ab9f17fdf3f2bd9ab8f9284760a5558850648df1593028688
48eccc6d8b9e5c5abf2bb3acf2f14d8d4441494aeb8d946ade932936d99eb277
48f28a2fc278b68b8b344d6e3dfc6a32320566d6af6607b170c5f54c9069f18a
49d151208e62ccc69c6eb8db3a55e44a7f488474be36cd6ffe4f90e4e3098ec1
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d72b3c20758bd015ec659873fc11fdeee0a28b9ddc005e9c4b1b5b1d7ab4a2b
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e7333ca7696bf20689cd8af457de687912a3347105bef454c0a77ea1a2b095a
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55d8c858136bb2be340ee5737bc6deea952a62599a4c1d9de65eec49e71d5831
5e9195fc00b28413c80eafbeebf6ce51782db81e60f33931d06ea6d983a45fa8
60738e0c21e145c63411dab779e72942f078ede817a5cdf57466ef0e61ff8d49
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62577c7ab6842378aaa990590fefcbbb50c7b4a2cd4f336483a4ebc884f6562e
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
66b1558ac7eb244e9a3905c93be0c89ea86e7fa53c084609d2cbd0af38a9d03b
6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037
6efb7b936f94c216c528ca31cd995fabb7c82bbdfebf0afc8aa1fe816e6e2101
724acb468e6daf873120d385f6717f09d84ffb51b33c81cb135597dad94ab4d7
770da7643a54e06b63d0c10b9386c21eebe7fe791bbd43e760a9f763aa95d26f
7ffcb15458cc6d82ade6166ddb0788afe839679e06d01368d615e8f2c0c6a5f1
82a6d26513f870f1310630d34c6022c40c132836db8f66e39d01e681eebf9e75
86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a
8a5c0c0b910e6d77f4260b98845217689efab91be77ed67e92fcb9e4d26608da
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
938bb7a4fe2818088711d433b38bb086516f778d8614faaf479ac89cf62968ec
9428518d1b1c9e441b6dcf1effddc210ce3ab2d1e0913be29695e907b4c82c43
948be491d78e0b9e68127c6f9f63087e7d510219c864731896cd9d62837e5a53
96ea283c1c37c5d7d4177bb32764f2873c8c9ef60923b637091f7afb1eac94ad
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b4cb972f55cbc603ce89fc5f7bc7f674f7d05bbcbbbd2b1e18f41bfe0432b35
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9e34975a0a58f4262f18fc35a4a9efb9f9b3962b87772f8fa5c006d5b7bc3f57
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4efefe655420ba24822b4211332377fce95be90c0c4748e5053804407df93c1
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1af055020c131f46a904163df8a93d0d4a75ca533ec6e5f06905b6596e3095c
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b6d053d1e9e58096e106b6669c717095b007b0b78251652686ef7bb30d51102f
be369447b2ff86e0b119c7ad6d88e3e633edf0f3d5e1cd7f39ba6164a134d306
be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c02444f391e8655e79ff8d7d4cb69c3426c3bffbf8731a994fa23aed0f641d12
c22c9e572650a65e02f3b7e509f1f1b999c2fe55aedd77d32bb72250765fca2e
c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8
cc487336acb3ea5ed2cc6ca09757137d612286c0ebb00587a997ecbea9053546
cc673c4f66f5b02af3a793375962ae6ea5eef31badfe6f11ae14668d511070ee
ccc1c7567bc104604261d962eb6d79329dc403f8faccfd97a80d72dd2924e71a
cfab7aa5fe1178e68f2e2d3b59d13fd3c77cdb506d5355af36d69ff8400d6168
d1e51a750ffe5d313e47183fb9ab52edfc90a6f72dabb017e600303900673c85
d3f154bd52d039a8d725c3a790c0887142a2963f09b28c6280e4629ca8521e93
d5042032c95f97e57f0bc66111c57f1e0674276a75b6f456b46830a34f0acb2c
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
dc2261fa7fc402f3869461ab510796c6a45c58b4910d7eaaf674bfefd5274e6c
dd0a588d42e8e6160cf5c6e0d781ca484cbc4476c73859380cae42a8d2468e4c
def1424f4f259a4cf927fe1f7ea7ec24bdc2fc78edca55fdb593cc0c293dbec5
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e2326136d77ad94b2a003717cb9ab385e457d1762954f9bb521157b570656690
e35a8f69bf211ed6d8ac69515a5cc50065a4131d7c93249164f3d48fa695e60d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d
eaee2371582b8c319e9f7b6432b570d1c7cc5bda80a6d7819521c6df355c3f9b
eb017893c619e7a0fdd41f2ac5376dbcee56cc6b09e1e7658ce292eec454925a
ecb0a51c8bccd33964654ecedc1115640eec2c15b217d843df9ed2c36d358060
ef028dcbc3214c674607e469f6eee67978100c94a963ea1ca7a09fef5dc211e7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4eff5d156d2c257ac7c015552d66bf137f0b65517204d0ddffd5daf963cd156
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

www.proxysite.com Open in urlscan Pro 107.23.216.46 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

218 Requests

88 %HTTPS

50 %IPv6

32 Domains

43 Subdomains

31 IPs

9 Countries

2341 kBTransfer

6090 kBSize

33 Cookies

7 Outgoing links

Page URL History

Redirected requests

218 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.proxysite.com Open in urlscan Pro
107.23.216.46 Public Scan

Screenshot
Live screenshot

Full Image

218
Requests

88 %
HTTPS

50 %
IPv6

32
Domains

43
Subdomains

31
IPs

9
Countries

2341 kB
Transfer

6090 kB
Size

33
Cookies

218 HTTP transactions
14 data transactions