www.proxysite.com Open in urlscan Pro
52.87.88.72 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://us8.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D&b=1
Effective URL:
https://www.proxysite.com/
Submission: On December 10 via api (December 10th 2022, 1:41:48 pm UTC) from US — Scanned from DE

Summary HTTP 164 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 27 IPs in 6 countries across 23 domains to perform 164 HTTP transactions. The main IP is 52.87.88.72, located in Ashburn, United States and belongs to . The main domain is www.proxysite.com. The Cisco Umbrella rank of the primary domain is 203901.
TLS certificate: Issued by Amazon on March 28th 2022. Valid for: a year.

This is the only time www.proxysite.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	68.235.61.75 68.235.61.75	() ()
1 18	52.87.88.72 52.87.88.72	() ()
26	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
4	93.184.220.66 93.184.220.66	15133 (EDGECAST) (EDGECAST)
4	2a03:2880:f02... 2a03:2880:f028:16:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
2	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
7 14	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
4 8	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 5	37.252.171.53 37.252.171.53	29990 (ASN-APPNEX) (ASN-APPNEX)
9	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
1	213.202.235.9 213.202.235.9	() ()
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	172.64.154.237 172.64.154.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	216.52.2.19 216.52.2.19	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	185.86.139.104 185.86.139.104	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	142.250.186.66 142.250.186.66	() ()
164	27

1 68.235.61.75 (Chicago, United States) 1 redirects

ASN- ()

us8.proxysite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 52.87.88.72 (Ashburn, United States) 1 redirects

ASN- ()
PTR: ec2-52-87-88-72.compute-1.amazonaws.com

www.proxysite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 93.184.220.66 (London, United Kingdom)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f028:16:face:b00c:0:3 (Sofia, Bulgaria)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.184.226 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.171.53 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.9 (Germany)

ASN- ()

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.154.237 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.19 (United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.104 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ius.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.171.85 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.66 (None, )

ASN- ()

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 103 tpc.googlesyndication.com — Cisco Umbrella Rank: 139 ade.googlesyndication.com	597 KB
36	doubleclick.net 7 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 215 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 297	192 KB
19	proxysite.com 2 redirects us8.proxysite.com www.proxysite.com — Cisco Umbrella Rank: 203901	167 KB
11	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 269	250 KB
9	casalemedia.com 5 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 507 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 413	7 KB
7	gstatic.com www.gstatic.com fonts.gstatic.com	107 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 218 secure.adnxs.com — Cisco Umbrella Rank: 430	6 KB
6	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 72 www.google.com — Cisco Umbrella Rank: 2	2 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 758 syndication.twitter.com — Cisco Umbrella Rank: 1118	150 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 192	234 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	3 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 11832	1 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 833	136 KB
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 604	1 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 743 r.turn.com — Cisco Umbrella Rank: 3406	869 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 28	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	89 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	18 KB
1	ctnsnet.com 1 redirects ius.ctnsnet.com — Cisco Umbrella Rank: 7940	623 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 803	45 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1918	173 B
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 9589	60 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 840	699 B
164	23

	Domain	Requested by
30	pagead2.googlesyndication.com	www.proxysite.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
29	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com
18	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
18	www.proxysite.com	1 redirects www.proxysite.com
14	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net
11	s0.2mdn.net	googleads.g.doubleclick.net www.proxysite.com s0.2mdn.net
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
5	www.gstatic.com	googleads.g.doubleclick.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	googleads.g.doubleclick.net
4	googleads4.g.doubleclick.net	googleads.g.doubleclick.net www.proxysite.com
4	platform.twitter.com	www.proxysite.com platform.twitter.com
3	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	fonts.googleapis.com	googleads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	static.xx.fbcdn.net	www.facebook.com
2	ap.lijit.com	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
2	syndication.twitter.com	platform.twitter.com www.proxysite.com
2	www.google-analytics.com	www.proxysite.com www.google-analytics.com
2	connect.facebook.net	www.proxysite.com connect.facebook.net
1	ade.googlesyndication.com
1	www.facebook.com	connect.facebook.net
1	secure.adnxs.com	1 redirects
1	ius.ctnsnet.com	1 redirects
1	ssbsync.smartadserver.com	googleads.g.doubleclick.net
1	ssum-sec.casalemedia.com	1 redirects
1	tr.blismedia.com	googleads.g.doubleclick.net
1	r.turn.com	googleads.g.doubleclick.net
1	ad.turn.com	1 redirects
1	m.exactag.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	us8.proxysite.com	1 redirects
164	34

This site contains links to these domains. Also see Links.

Domain
eu4.proxysite.com
pryvacy.com

Subject Issuer	Validity	Valid
proxysite.com Amazon	`2022-03-28` - `2023-04-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-18` - `2022-12-17`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2022-04-01` - `2023-05-02`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2022-10-16` - `2023-01-14`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh

This page contains 26 frames:

Primary Page: https://www.proxysite.com/
Frame ID: FFC99722E167A59585FD9DB35F46EAFB
Requests: 37 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20190131/zrt_lookup.html
Frame ID: 82A3084A29A3D313D90017A60D6367FC
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fwww.proxysite.com
Frame ID: 1062DA0167486B0CC7B643101C389392
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=2867599685&adk=3927345067&adf=3573213364&pi=t.ma~as.2867599685&w=990&fwrn=4&fwrnh=100&lmt=1670679694&rafmt=3&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694504&bpp=3&bdt=438&idt=179&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&correlator=3865945769356&frm=20&pv=2&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=w7gBRT2nY4&p=https%3A//www.proxysite.com&dtd=199
Frame ID: 7E4D63CC5F2BF818E87B48DE018303B2
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=4344332884&adk=523175106&adf=1005968846&pi=t.ma~as.4344332884&w=990&fwrn=4&fwrnh=100&lmt=1670679694&rafmt=1&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694507&bpp=1&bdt=441&idt=203&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=702&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5tgV7FHqpv&p=https%3A//www.proxysite.com&dtd=209
Frame ID: 08B820A75F4C479AA9E02F2D5C49B57C
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&slotname=6803856480&adk=197138127&adf=1497320946&pi=t.ma~as.6803856480&w=728&lmt=1670679694&rafmt=12&format=728x90&url=https%3A%2F%2Fwww.proxysite.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694508&bpp=1&bdt=442&idt=215&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=2948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=tjXWFbPYAE&p=https%3A//www.proxysite.com&dtd=217
Frame ID: 715619681CA99498D8D893F104D8C0C5
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&adk=1812271804&adf=3025194257&lmt=1670679694&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fwww.proxysite.com%2F&ea=0&pra=7&wgl=1&easpi=1&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=1000&asna=5&asnd=5&asnp=5&asns=5&asmat=0.4&asptt=-1&aspe=1&asro=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694509&bpp=1&bdt=443&idt=218&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280%2C728x90&nras=1&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=223
Frame ID: 4FB89E702B47A88F66FF3163A99DF934
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Frame ID: FF4B05E5A8F1DFCD9CB6485E0D57E622
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhiIj8zIATAB&v=APEucNUGk7cNLZxcW-RDSDWIZdgezncsb5NIRhFT6Xl_hg5gycXt9bvTd9ELd3DbhgjXgD4Rtu2jnwzGIkNJ4jb9rYi8yw7L0xeO9Ddi3SAtjW1nb3qvWRc8jCY9dqTdIP55sgXO3b9ezXXL35JHSSEFO-FBQnGSlfTojSZ4mfcha7QbqE6hm3I
Frame ID: A361F8877830160AB840C91D460CDC23
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4E743EA4C8D4422D07D0C4E1D1C3B930
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&adk=3625593270&adf=3099719705&pi=t.aa~a.4226026281~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=-M&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0&nras=2&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=uVdrXmgAkG&p=https%3A//www.proxysite.com&dtd=10
Frame ID: D2CD12A652AFAA6003AE1DFC66F75094
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=-M&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=k2oU7sPbbQ&p=https%3A//www.proxysite.com&dtd=15
Frame ID: EC5B051C2025DFA790A2C71FA7F213FB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=60&adk=2093842954&adf=3560341080&pi=t.aa~a.4080220755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x60&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=0&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280%2C1200x90&nras=4&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2738&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=v5pUuGal0t&p=https%3A//www.proxysite.com&dtd=18
Frame ID: 3BF037EC0B371D6F37EFA38A94D03A98
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js
Frame ID: CB297142F38EAD1633E2D5E5DFEA5F5D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js
Frame ID: 3AB8F4FF9563EF905D756FDC3E2C5627
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1
Frame ID: E5E878B01BB97F9970990665721534FD
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DC0D8C94518C29DBDF2778B3898FDE87
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhj33Ma7ATAB&v=APEucNXxcig9GrcjO3OYyZ6mSaoPzcFF75Do04govZ9F6bRRdHlKtwl6KOIJoR8_8fMEA61r71-83ks9Jsft3h7OpRWrZYGa4MIcCq0V5qTmAVoU9AdWxU58wD4eEs3SoqOvhOB0J-JSK1u2SpLKiQP-4WaDY-w0ctC_ntmSLvtZ1l2H1MfSTHs
Frame ID: 8952353CA051C054EEB3063FFDAD5DDE
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: E7DAC03516050C7A37E195D915405A7A
Requests: 21 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 233DFE1F5A8259E46BFBE99EA632CD35
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8F9ACA212285DCF727C6638D74B541D4
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247
Frame ID: AFCE5702751804F868076C8ADA77861D
Requests: 13 HTTP requests in this frame

Frame: https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21725a2e36a054%26domain%3Dwww.proxysite.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.proxysite.com%252Ffd9584a7d49fac%26relation%3Dparent.parent&container_width=105&href=https%3A%2F%2Fwww.proxysite.com%2F&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&width=80
Frame ID: CE2AE8139D0E6531DD2E0E32F03B97F7
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js
Frame ID: AE2542D073BC7BA20014C783F5E8E9C2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 66FD6518F20971AD95E459B0603B1E67
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0702696AF896E5CC742168E881837405
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ProxySite.com - Free Web Proxy Site

Page URL History Show full URLs

https://us8.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D&b=1 HTTP 302
https://www.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D HTTP 301
https://www.proxysite.com/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

164
Requests

92 %
HTTPS

48 %
IPv6

23
Domains

34
Subdomains

27
IPs

6
Countries

2018 kB
Transfer

5233 kB
Size

26
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://eu4.proxysite.com/go/youtube.com
Title: YouTube

Search URL Search Domain Scan URL

URL: https://eu4.proxysite.com/go/facebook.com
Title: Facebook

Search URL Search Domain Scan URL

URL: https://eu4.proxysite.com/go/twitter.com
Title: Twitter

Search URL Search Domain Scan URL

URL: https://eu4.proxysite.com/go/reddit.com
Title: Reddit

Search URL Search Domain Scan URL

URL: https://eu4.proxysite.com/go/imgur.com
Title: Imgur

Search URL Search Domain Scan URL

URL: https://eu4.proxysite.com/go/google.com
Title: Google

Search URL Search Domain Scan URL

URL: https://pryvacy.com/
Title: Pryvacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://us8.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D&b=1 HTTP 302
https://www.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D HTTP 301
https://www.proxysite.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&C=1

Request Chain 45

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5SMj0KTbuXQr4l8.u0T-gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&google_hm=2

Request Chain 46

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMnkVHhd9WiWDwi2_qwc_pY&google_cver=1

Request Chain 47

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D

Request Chain 108

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 118

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1

Request Chain 119

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5SMj0KTbuXQr4l8.u0T-gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&google_hm=2

Request Chain 120

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMnkVHhd9WiWDwi2_qwc_pY&google_cver=1

Request Chain 121

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D

Request Chain 135

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAKbWXeIVsKOQfmy19Os5W0&google_cver=1&google_push=ASkJ3FZL6uEuLlXXulUr7jx7JvS6FEkpNugUw7FhwnlCjtNcruhMlUopR7u8LTTlUEQ4XVM9ozJcW8DSK57cg3oVa2uvKtaqJNRS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzMxMTQxNDUyNDYxNDg3MjI2OA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAKbWXeIVsKOQfmy19Os5W0&google_cver=1

Request Chain 137

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDjJw8cZqZiWxHsr_H9K__U&google_cver=1&google_push=ASkJ3FZSEMgZDje4eunMezjN5WGFFtDokWjRbPLsiblfUOXkOZeOkSTLExKE7gz36CRZd30d_-MZ_MnHvhiOkSAutskTyu2R0qW0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDjJw8cZqZiWxHsr_H9K__U&google_hm=Y5SMj0KTbuXQr4l8-u0T_gAACLoAAAIB&google_nid=index&google_push=ASkJ3FZSEMgZDje4eunMezjN5WGFFtDokWjRbPLsiblfUOXkOZeOkSTLExKE7gz36CRZd30d_-MZ_MnHvhiOkSAutskTyu2R0qW0

Request Chain 138

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEBq_K4aPgKdzu8NelUsI43g&google_cver=1&google_push=ASkJ3Fa6We7YYewPLrux87YlbYh4mROcfmp16XVpwCwVIvKPDeHk3Ft-p3nlIeSIKbf5scIk44zi7BhJH2qBWUra1fDgDKwEMQR_ HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEBq_K4aPgKdzu8NelUsI43g&google_cver=1&google_push=ASkJ3Fa6We7YYewPLrux87YlbYh4mROcfmp16XVpwCwVIvKPDeHk3Ft-p3nlIeSIKbf5scIk44zi7BhJH2qBWUra1fDgDKwEMQR_&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ASkJ3Fa6We7YYewPLrux87YlbYh4mROcfmp16XVpwCwVIvKPDeHk3Ft-p3nlIeSIKbf5scIk44zi7BhJH2qBWUra1fDgDKwEMQR_&google_hm=Fyv1sGZHcr94B_AJS42H40s8

Request Chain 140

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEOOEoWuD4CPOVjo2dKOgUdc&google_cver=1&google_push=ASkJ3FaIIGgatyGvIbJ1CbhkYqlT0S_RlXiQRxRdlAVTJ5XsvKEN0GWAIUYMiCTzmE0CNbD9ocHNaADSpkydStE4ia-3UpV1IH5fbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=ASkJ3FaIIGgatyGvIbJ1CbhkYqlT0S_RlXiQRxRdlAVTJ5XsvKEN0GWAIUYMiCTzmE0CNbD9ocHNaADSpkydStE4ia-3UpV1IH5fbg&google_hm=AECzttRZQUyLKrRQYxwoPCw

Request Chain 141

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEPuVK1Yif9abcu8LqShHSIQ&google_cver=1&google_push=ASkJ3FYjUCKgMQIaKs-Eqfe0z7tCTcIe-9Yjmpky-hacWArwSfMo86ySNJzZ-kx7tWE9dAEbyL8RZOf8V8F17iZkbczz6RgA1uhQAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D&google_gid=CAESEPuVK1Yif9abcu8LqShHSIQ&google_cver=1&google_push=ASkJ3FYjUCKgMQIaKs-Eqfe0z7tCTcIe-9Yjmpky-hacWArwSfMo86ySNJzZ-kx7tWE9dAEbyL8RZOf8V8F17iZkbczz6RgA1uhQAA

164 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.proxysite.com/
Redirect Chain

https://us8.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D&b=1
https://www.proxysite.com/process.php?d=AvtIUYjkz8f0yzPz7f%2FzA7t4NTQfxYgVwcD%2BpA%3D%3D
https://www.proxysite.com/

14 KB
5 KB

124ms
123ms

Document
text/html

52.87.88.72

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: b4f7db824a1fc83d9952d4b199c647f01c7519b4b0e93f04ea425319378d6272

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, max-age=0
content-encoding: gzip
content-length: 4243
content-type: text/html; charset=UTF-8
date: Sat, 10 Dec 2022 13:41:34 GMT
expires: Sat, 10 Dec 2022 13:41:33 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

cache-control: max-age=0
content-length: 234
content-type: text/html; charset=iso-8859-1
date: Sat, 10 Dec 2022 13:41:33 GMT
expires: Sat, 10 Dec 2022 13:41:33 GMT
location: https://www.proxysite.com/
server: Apache

GET
H2 200 96f631f.css
www.proxysite.com/css/ 38 KB
8 KB 185ms
184ms Stylesheet
text/css 52.87.88.72

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 35d4a453929aeb9cb4ca18e20087e72d2b251d050a6a7ec20931c152049d341f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
content-encoding: gzip
last-modified: Mon, 18 Mar 2019 22:05:12 GMT
server: Apache
etag: "97e6-58465952eb312-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 7817
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 logo.png
www.proxysite.com/assets/images/ 3 KB
4 KB 94ms
94ms Image
image/png 52.87.88.72

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/logo.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 2f1513a46b73f5ada51bafe9acd73abc1489f912de163236e4b6480a8311fb18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "cd8-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 3288
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 privacy.png
www.proxysite.com/assets/images/ 7 KB
8 KB 262ms
259ms Image
image/png 52.87.88.72

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/privacy.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: eaee2371582b8c319e9f7b6432b570d1c7cc5bda80a6d7819521c6df355c3f9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "1dbc-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 7612
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 speed.png
www.proxysite.com/assets/images/ 5 KB
6 KB 169ms
167ms Image
image/png 52.87.88.72

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/speed.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 036a97f58ae41233cce615d76fb5511d15d9db41201bae08f0099eeb07faec28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "158b-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 5515
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 magnifying.png
www.proxysite.com/assets/images/ 10 KB
10 KB 258ms
256ms Image
image/png 52.87.88.72

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/magnifying.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: ecb0a51c8bccd33964654ecedc1115640eec2c15b217d843df9ed2c36d358060

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "2690-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9872
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 computer.png
www.proxysite.com/assets/images/ 7 KB
7 KB 172ms
171ms Image
image/png 52.87.88.72

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/computer.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 60738e0c21e145c63411dab779e72942f078ede817a5cdf57466ef0e61ff8d49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "1b25-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 6949
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 magnifying2.png
www.proxysite.com/assets/images/ 7 KB
7 KB 259ms
257ms Image
image/png 52.87.88.72

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/magnifying2.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 0ac9094e17f405afb1a4cb915170e1051a048db8597a64460222f03fab4dcc76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "1b58-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 7000
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 logo-footer.png
www.proxysite.com/assets/images/ 2 KB
2 KB 262ms
260ms Image
image/png 52.87.88.72

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/logo-footer.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 938bb7a4fe2818088711d433b38bb086516f778d8614faaf479ac89cf62968ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "7b4-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1972
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 jquery.js Show response
www.proxysite.com/assets/js/ 95 KB
34 KB 263ms
260ms Script
application/javascript 52.87.88.72

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/js/jquery.js?v=17030501
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
content-encoding: gzip
last-modified: Mon, 18 Mar 2019 22:05:12 GMT
server: Apache
etag: "17b8b-58465952b0993-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 33760
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 65f94d5.js Show response
www.proxysite.com/js/ 39 KB
10 KB 172ms
169ms Script
application/javascript 52.87.88.72

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/js/65f94d5.js?v=17030501
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: dc2261fa7fc402f3869461ab510796c6a45c58b4910d7eaaf674bfefd5274e6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
content-encoding: gzip
last-modified: Mon, 18 Mar 2019 22:05:13 GMT
server: Apache
etag: "9a33-5846595353af1-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9611
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
49 KB 146ms
120ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2eb3dfc7180bd8cbdf941ffd0ac161ddb50efbc4b7ce694e2c5185d467bfcf8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49432
x-xss-protection: 0
server: cafe
etag: 6864415638198896834
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 10 Dec 2022 13:41:34 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 67ms
7ms Script
application/javascript 93.184.220.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668A) /
Resource Hash: c02444f391e8655e79ff8d7d4cb69c3426c3bffbf8731a994fa23aed0f641d12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sat, 10 Dec 2022 13:41:34 GMT
Content-Encoding: gzip
Age: 126
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 29221
Last-Modified: Wed, 02 Nov 2022 19:43:37 GMT
Server: ECS (frb/668A)
Etag: "6633f9603c759c40d9b200995454f17c+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H2 200 bg.png
www.proxysite.com/assets/images/ 236 B
765 B 176ms
175ms Image
image/png 52.87.88.72

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proxysite.com/assets/images/bg.png
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 9428518d1b1c9e441b6dcf1effddc210ce3ab2d1e0913be29695e907b4c82c43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "ec-5846594186131"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 236
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 raleway.woff2
www.proxysite.com/assets/fonts/ 15 KB
15 KB 174ms
174ms Font
application/octet-stream 52.87.88.72

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/fonts/raleway.woff2
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 770da7643a54e06b63d0c10b9386c21eebe7fe791bbd43e760a9f763aa95d26f

Request headers

Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "3ab8-5846594186131"
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15032
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 raleway-semibold.woff2
www.proxysite.com/assets/fonts/ 15 KB
15 KB 174ms
174ms Font
application/octet-stream 52.87.88.72

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/fonts/raleway-semibold.woff2
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 3cee69d07c93d87ecbb03f206ddb86c9d4ba12638a18ed177de725be2eb8333a

Request headers

Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "3b18-5846594186131"
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15128
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 icomoon.ttf
www.proxysite.com/assets/fonts/ 3 KB
3 KB 177ms
177ms Font
application/font-sfnt 52.87.88.72

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/fonts/icomoon.ttf?-p3bna1
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 7ffcb15458cc6d82ade6166ddb0788afe839679e06d01368d615e8f2c0c6a5f1

Request headers

Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "a7c-5846594185191"
content-type: application/font-sfnt
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 2684
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 116ms
34ms Script
application/x-javascript 2a03:2880:f028:16:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f028:16:face:b00c:0:3 Sofia, Bulgaria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

759d05b3415341826afd6bb82cdf366e5090aec67c541500f3a6fff49517ec91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 10 Dec 2022 13:41:34 GMT
content-md5: RHqmkgcKZQDY2NzJvTdngw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: Mp/rJYIArz9x/Np5yc7ace0kcBidydk+Cd1Ij+LRv0gR+0DA1Q4XP9CdAE9xk8eRG5iOhL8qBOpX2ojit1VnlQ==
x-fb-trip-id: 1460883810
x-fb-content-md5: 7161a9f419d6231b3df0bb35662aca8a
cross-origin-opener-policy: same-origin-allow-popups
etag: "7246e77525c7525bba329af5a9d11a4c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 10 Dec 2022 13:57:15 GMT

GET
H2 200 raleway-light.woff2
www.proxysite.com/assets/fonts/ 15 KB
15 KB 158ms
158ms Font
application/octet-stream 52.87.88.72

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/fonts/raleway-light.woff2
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: d3f154bd52d039a8d725c3a790c0887142a2963f09b28c6280e4629ca8521e93

Request headers

Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "3a6c-5846594186131"
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 14956
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H2 200 raleway-bold.woff2
www.proxysite.com/assets/fonts/ 15 KB
15 KB 243ms
242ms Font
application/octet-stream 52.87.88.72

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proxysite.com/assets/fonts/raleway-bold.woff2
Requested by: Host: www.proxysite.com
URL: https://www.proxysite.com/css/96f631f.css?v=17030501
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.88.72 Ashburn, United States, ASN (),
Reverse DNS: ec2-52-87-88-72.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 724acb468e6daf873120d385f6717f09d84ffb51b33c81cb135597dad94ab4d7

Request headers

Referer: https://www.proxysite.com/css/96f631f.css?v=17030501
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
last-modified: Mon, 18 Mar 2019 22:04:54 GMT
server: Apache
etag: "3aa0-5846594186131"
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15008
expires: Mon, 09 Jan 2023 13:41:34 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 306 KB
86 KB 57ms
27ms Script
application/x-javascript 2a03:2880:f028:16:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=bfaf966fceffbad233836c158e56e903

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f028:16:face:b00c:0:3 Sofia, Bulgaria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

904134a3046525c6eba7f72681b86627cc82031b6c88bf4fc529de7f40bc9020

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.proxysite.com/
Origin: https://www.proxysite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 10 Dec 2022 13:41:34 GMT
content-md5: G+W6RAHZEeynH2xG30+xqg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88458
x-fb-rlafr: 0
x-fb-debug: MPaVGdTEpriHVyGSJozGK54B09PBINNM2H08vlhxywTwAID7/7RaJYGKHnTxYek1gwqfEbGdGRDYehmTzHaLhw==
x-fb-content-md5: de0d55150d4ed426eebb709663210aaa
cross-origin-opener-policy: same-origin-allow-popups
etag: "a917198c8f4877bb80c5bd8ef525e811"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 10 Dec 2023 12:47:37 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 36ms
8ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 10 Dec 2022 13:15:46 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 1548
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Sat, 10 Dec 2022 15:15:46 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221206/r20190131/ Frame 82A3 10 KB
5 KB 43ms
8ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221206/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 55464
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 22:17:10 GMT
etag: 10353107486223812946
expires: Fri, 23 Dec 2022 22:17:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK widget_iframe.644279d1635fd969e87af94a98bd232b.html Show response
platform.twitter.com/widgets/ Frame 1062 320 KB
104 KB 11ms
11ms Document
text/html 93.184.220.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fwww.proxysite.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BD) /
Resource Hash: 8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 224226
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105445
Content-Type: text/html; charset=utf-8
Date: Sat, 10 Dec 2022 13:41:34 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:59 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BD)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=3
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212010101/ 356 KB
117 KB 86ms
69ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212010101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5271052033776811&plah=www.proxysite.com&bust=31071114

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99098c0dc4e1f93553d8690220e5b63d0b386c14fbdce4b864de257be911935b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119959
x-xss-protection: 0
server: cafe
etag: 16904436467587263874
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 10 Dec 2022 13:41:34 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 1062 980 B
708 B 340ms
116ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=403f2cd1eb06bbf5a6a1b1dc1910c579ccee906f

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fwww.proxysite.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

0809dce74d140cdb75918db36517dfca9fee927aa704fd47ee48432aee8986b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-response-time: 107
date: Sat, 10 Dec 2022 13:41:34 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Sat, 10 Dec 2022 13:41:34 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 3e5f12ac2b8806dd
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: 360fcfe38637752380919723dc5625cbcdb46af6fd9f1d9b036b5ad6142cf12f
content-length: 386

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 37ms
20ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=300187776&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proxysite.com%2F&ul=en-us&de=UTF-8&dt=ProxySite.com%20-%20Free%20Web%20Proxy%20Site&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=766848447&gjid=2086081151&cid=1224739227.1670679695&tid=UA-45368124-2&_gid=1730055747.1670679695&_r=1&_slc=1&z=186472890

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proxysite.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proxysite.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 393 B
699 B 44ms
16ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.proxysite.com&callback=_gfp_s_&client=ca-pub-5271052033776811&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212010101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5271052033776811&plah=www.proxysite.com&bust=31071114

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbf9a2ac02b43ac34f6171f02be1b1fdce0d6a4b2b37e47b54f82f4a7d346714

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 254
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 55ms
27ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.proxysite.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 59ms
18ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.proxysite.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7E4D 95 KB
32 KB 961ms
943ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=2867599685&adk=3927345067&adf=3573213364&pi=t.ma~as.2867599685&w=990&fwrn=4&fwrnh=100&lmt=1670679694&rafmt=3&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694504&bpp=3&bdt=438&idt=179&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&correlator=3865945769356&frm=20&pv=2&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=w7gBRT2nY4&p=https%3A//www.proxysite.com&dtd=199

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

593b20843f5e162d1af8832ecf39e392b04608b556ed05345916996fb9cfe6d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 33179
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:35 GMT
expires: Sat, 10 Dec 2022 13:41:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 08B8 95 KB
32 KB 943ms
941ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=4344332884&adk=523175106&adf=1005968846&pi=t.ma~as.4344332884&w=990&fwrn=4&fwrnh=100&lmt=1670679694&rafmt=1&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694507&bpp=1&bdt=441&idt=203&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=702&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5tgV7FHqpv&p=https%3A//www.proxysite.com&dtd=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

17713a1f68a3528710fa08300f6be3bb512863bd3b455b0542c542ac60b39310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 33216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:35 GMT
expires: Sat, 10 Dec 2022 13:41:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7156 23 KB
10 KB 333ms
332ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&slotname=6803856480&adk=197138127&adf=1497320946&pi=t.ma~as.6803856480&w=728&lmt=1670679694&rafmt=12&format=728x90&url=https%3A%2F%2Fwww.proxysite.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694508&bpp=1&bdt=442&idt=215&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=2948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=tjXWFbPYAE&p=https%3A//www.proxysite.com&dtd=217

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92a8d8908b0c7c5c7a35766201cbbb5ab02b727f0f0c6d4321db1d76f1c4bbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 10235
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:35 GMT
expires: Sat, 10 Dec 2022 13:41:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4FB8 98 KB
27 KB 942ms
941ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&adk=1812271804&adf=3025194257&lmt=1670679694&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fwww.proxysite.com%2F&ea=0&pra=7&wgl=1&easpi=1&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=1000&asna=5&asnd=5&asnp=5&asns=5&asmat=0.4&asptt=-1&aspe=1&asro=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694509&bpp=1&bdt=443&idt=218&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280%2C728x90&nras=1&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=223

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75e584797d092d18924a8e96de1d6d39d1ecd46252dea0be31d149b07d3ef4e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 27611
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:35 GMT
expires: Sat, 10 Dec 2022 13:41:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK button.d2f864f87f544dc0c11d7d712a191c1f.js Show response
platform.twitter.com/js/ 7 KB
3 KB 8ms
8ms Script
application/javascript 93.184.220.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.d2f864f87f544dc0c11d7d712a191c1f.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668A) /
Resource Hash: 236dca679b9983d1fbea0415d584b17d80f1c6942506fc508a5384db924e8795

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sat, 10 Dec 2022 13:41:34 GMT
Content-Encoding: gzip
Age: 224226
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 2362
Last-Modified: Wed, 02 Nov 2022 19:36:52 GMT
Server: ECS (frb/668A)
Etag: "7bb2d17ac20be3bd6ec1079356afecd9+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK tweet_button.644279d1635fd969e87af94a98bd232b.en.html Show response
platform.twitter.com/widgets/ Frame FF4B 37 KB
14 KB 7ms
7ms Document
text/html 93.184.220.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.644279d1635fd969e87af94a98bd232b.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668A) /
Resource Hash: e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 224226
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13753
Content-Type: text/html; charset=utf-8
Date: Sat, 10 Dec 2022 13:41:34 GMT
Etag: "126ffb93f08e989b18a6e1fc082c9e33+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:56 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/668A)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
104 B 118ms
118ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.proxysite.com%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1670679694910%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=403f2cd1eb06bbf5a6a1b1dc1910c579ccee906f

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-response-time: 110
date: Sat, 10 Dec 2022 13:41:34 GMT
strict-transport-security: max-age=631138519
last-modified: Sat, 10 Dec 2022 13:41:34 GMT
server: tsa_o
vary: Origin
content-type: image/gif
x-transaction-id: aa9bd0f6275d37ae
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: 360fcfe38637752380919723dc5625cbcdb46af6fd9f1d9b036b5ad6142cf12f
content-length: 43

GET
DATA 200
OK truncated
/ Frame FF4B 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7156 42 B
63 B 151ms
150ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BScNAGzTk4y-iUHYD-78su3S1ykkF0VVOT7b0wB2QQEKLyeoDCE1xu8Wva1dIxiFC-VTsRySZyFCbISkLRYzYj6BYLGLwiAmKT3DE8UdOfso-Xuew

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&slotname=6803856480&adk=197138127&adf=1497320946&pi=t.ma~as.6803856480&w=728&lmt=1670679694&rafmt=12&format=728x90&url=https%3A%2F%2Fwww.proxysite.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694508&bpp=1&bdt=442&idt=215&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=2948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=tjXWFbPYAE&p=https%3A//www.proxysite.com&dtd=217

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 7156 3 KB
1 KB 36ms
10ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:52:30 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 7156 18 KB
8 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7156 153 KB
47 KB 66ms
36ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 13:41:35 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 7156 23 KB
9 KB 33ms
8ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A361 624 B
246 B 48ms
47ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhiIj8zIATAB&v=APEucNUGk7cNLZxcW-RDSDWIZdgezncsb5NIRhFT6Xl_hg5gycXt9bvTd9ELd3DbhgjXgD4Rtu2jnwzGIkNJ4jb9rYi8yw7L0xeO9Ddi3SAtjW1nb3qvWRc8jCY9dqTdIP55sgXO3b9ezXXL35JHSSEFO-FBQnGSlfTojSZ4mfcha7QbqE6hm3I

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&slotname=6803856480&adk=197138127&adf=1497320946&pi=t.ma~as.6803856480&w=728&lmt=1670679694&rafmt=12&format=728x90&url=https%3A%2F%2Fwww.proxysite.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694508&bpp=1&bdt=442&idt=215&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=2948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=tjXWFbPYAE&p=https%3A//www.proxysite.com&dtd=217
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:35 GMT
expires: Sat, 10 Dec 2022 13:41:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7156 67 KB
32 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DofG-0bPgfZilWefpOzisdv8Bzc3Dc0-zbIcM3XM_cHhOmuV6nCMYxBWEqZ4BWVyj2a7BhBEhIaj2X2DcobotcGEgZZw&cry=1&dbm_d=AKAmf-DCmOSv6cy1KkeHWPUKdHpkVVOYgATtUQVsCWCgexAL1ZZknNWP6IpkXUGDcoHIdmcfmG0J2dMEGeW_bbKo-jENN4ttQ3ZCSzWVFQKkglf__A9IJNuBynzl20NQ8gvnauDap1vt2YJnKlpgdSxjpucIp5zCTFjofT0xzrOAWrRecYmYjhehBnvWpvMHInnh5ToH-DeO671LSRhRDnq88dlY-pVPjeBj5hm67keQVC8TYHa62FwEw0j__tLFJiCB3---6F4N_kKG0-gHd4T0iRJ0Bhn_CCPfu6iUPuMkZ4y_ha-sN7lVPRSqaxUlPy8Md12hKDs2afqaS5q-iZ7_saYnxdQK1seOTO8W2hBSRWF7d_FSF5PjGxTko8yXEdcxeowehOfK6OZCjyyMRkPrK_cEENviGJ5loMYh1eO-wjTpL-sLYNubgUnq1Bff7Omg3CYNY_EpvxTdSvXoqaj2peDP0JnI52ZmExCc6n8qnL_t4Ad2m3VXnMCc6CThnoQ-q1o83HRxwd-y0bD5q924ylkrZd3dLt293ylg08mqfgXJvblKAS1RM8Isxzu8kttj7TP0iOKnPiM0onxsIsFQZOfPoDOVR-xdyqX8o4VF_NENqiXN_BGDZVzX2KJ2cHZU5WSq7YfxxT_xA-2vEzFCRhi5WesAK_jH-7HXftEMlumTNHaPYWh7wT0Zv4m0Jb9vygNWet7Tes_HZKSrWVgHVuPCMvxhus_2WZG3XXp1Zinq9j-eztQ5StI5VL0LraytTzijj-1XeI6p_lrIR9knRbWcd4jiqrkXdEZnr0WZvMcrkCQcExaameAssRGMeHyud9ZtN-7Tc6nQtDHVhbnWfe-5F803d6Wa8-l96MB16D9_HkEp-8ro0QVMrMSn29xF_Io2uzHUugwVmAL5ZOxwg5WdRaGWbwW5eTIZhBpfVABUabXGShBRb1ebCDYLNuVDhVidS-engxmN0pMszS6W3X-EwEUCI6wx9gpMJE2wJYaoJ-pqLjyXv106AA4krU4ZxZk6FArOeI2U5_ES97LeKtRB9FXewIZ2MKZPilPY_tdPfZcSQaZymi71LNRUW4EOEM9xMStBIii5qvsMqZvC4NdRQRUR4ZmnKX1aiRToVh6KvE3MJxFJ1_SWC3xMQqelSVTTkoAqMkRHZcYhco25GeW5GeMExIBXJghf_Do221gjE0qs1A3mcJqp4RUdKmwSjSnvPJ7LCOvNgyz26QtbIb1AnXUMxNfrf_toyhTyzhV80WcLtHyIyznWEvd5Fd__GOHtluuqjnhM-u0cM63TRZ_-PxG6BxchsQNf7qER7qfiIjL0lC8cEkGZF8yJ-dYhKwP7IY6eNeKjffUkp5Dd9BftjPmkdTtNhmsoF2URcUi13IgVqWXm8gNuA1SI8jD--i3vgqDHbuKGM_hLrCv084PzpSs5BdJnWJ_L1joL7xCGovx0bJGCfRzi_CXhrfIRw9hrQfx6gLuEIePJNb5xwMF8jUASGMFlMFyhkMFiWZGnydh4CKratDbIasgyWda7LerGmxge6lMw4SXtvD2Bdh8qIGjg4G6QBGnrbvQPBsVjmy_7n1XswQUkYcnaoV3NWBMo-Y1sEK4yFXgjG7b6wUGfs39WC7BeCHM4qsFZqN4i69Uq18HiQLOiFvF4A_PzSlY8T5EG0CA3ZZG4jI7w_NLwbxBWEBh_HABdyUs0bPQTLP_61stDFG2hGUDEo7MO3wpGZvEtF7h2fYtjTthxGoZZsTQ-eNgoV3PmKElt1oHZwzkE-G60BAISt1ty7fNnNdTa61M1hBuPlrqLYgTtqXXcxSiuvosGOMb6YyfhsCZ-YFVlaw4valQjG5vhX3wHwlFuXRKRdrBj4kBhlg3C_oRp13R-r3hpfLldhsw2V-gYwDqskQ-cZd5ABED_jPZQBEo_OZDuHRsYKqiX4vzMgVo_kRBAiGc7BUbA07Lp21tpRL4PeZrgmgxWkSIch8GeI__QnTh3fduiggetHfvkYnPCPSdBwcGzbCZEG0teu7T4DmqybWAGlVPvyvLvxXWyyaWJfUg5RuADGSyKS10N7MVMvEiwYrU3cfx9fLSLJWNMyRxvaU9cGfI9wb-_LlKfc6kGfeYo6EoXg2yxm5iYbhaN0tbGZFAHXHzGniwMJXp5qV_iWJOlsy11CEUZh4KurmiZNZlXOk1rDgheqEj41P57O16CMMsyZbt9e-XJ1I1E06Mfatcp_pwTEWiME3cv7iPVBQnFZ6eFEacpxdiWWMt8YHEHoFm0Q8YeGn7-t-3YjPOTe8yALEozjsIH0Y1EaMErf-Pr3vd84BtSGuEjcKSUC0CKTA4K3kjJSgW9rIfM7pyDa3-8uxN2CecSjdkPL3Ym4wby_a2HmmjxtLpJekbRSw5Su4eehCPf7uBJ_y9yGoDAvwkymplHYKw6-Lc2QfSAKXKNuyzp1zxxGGaNr9qhiPpzm2OusNwQyPDoNTGzVMlBEnH-AHUbjOtQuKapQNVNkTe5RbLfnqvcLHA3FPe91pq7jrOUs08muCdkcSSioUPdlLOFhCf1ZMhJiKiLN1xEYVq5k93uRjSX8rnKuZc2avaVtRawYLrerMf0-Dgu3VZb22oZl-QbqUBdZfg4Sgm6b0U3rSkiZazi5I9SFoKjM8ySztIqif0Wd73mbaaU1OYGIHuqo-2nZvYG4_Rp1FZVINCP44twYAdxWkAxAKwiRpuYVkeklACnwmM60sJ97v1U9hbrUIpo8IrygJD9CcE8BVguIh9k-BwJyygGhfmtm7oO5GM68ICAR7sIDx9WEPYBktEmKdWtaoHN5B8t-sIk0YLQCSlY9YV6xjl2iZCDJlWBjHGVJFKY0P9tY40AbMXve2uK8I5on62YJ7saPTuVtkYxpN6EShf0BLTGiUfc0dXhfrD8sttczn0MUZjDweZZnsrM8TrnU0mpcR_l7xbJ5F0m39C1N-DjU3E29jABuM3i1U2QOc5XVI0yKb9IRO9HuQbTXHuI-w7LrSvWnIihHEsIy2QNJhpnIy7RAaTTq1y2xS3tyDhpKiOxZiiyoR6j_wlIIw4lQSqCMz89SeCsutA_knRAnGUZQ0Z5RnvAdemnkYHM9q6ktwEFWbmruCjvjSVsLPLkeSjq4nrgRaZQD599&cid=CAQSGwDq26N9NfrtoCTrDWxdS45xfi5Qbmcy9gsHMRgBIBM&rfl=1%2Chttps%253A%252F%252Fwww.proxysite.com%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e5ce2319ddf7e5ce5d7da4d3754669b57cbfba96b5ae0656935a414c0f8d3b70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&slotname=6803856480&adk=197138127&adf=1497320946&pi=t.ma~as.6803856480&w=728&lmt=1670679694&rafmt=12&format=728x90&url=https%3A%2F%2Fwww.proxysite.com%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694508&bpp=1&bdt=442&idt=215&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280%2C990x280&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=2948&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=tjXWFbPYAE&p=https%3A//www.proxysite.com&dtd=217
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32813
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A361
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&C=1

43 B
766 B

10ms
10ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhiIj8zIATAB&v=APEucNUGk7cNLZxcW-RDSDWIZdgezncsb5NIRhFT6Xl_hg5gycXt9bvTd9ELd3DbhgjXgD4Rtu2jnwzGIkNJ4jb9rYi8yw7L0xeO9Ddi3SAtjW1nb3qvWRc8jCY9dqTdIP55sgXO3b9ezXXL35JHSSEFO-FBQnGSlfTojSZ4mfcha7QbqE6hm3I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Dec 2022 13:41:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sat, 10 Dec 2022 13:41:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A361
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5SMj0KTbuXQr4l8.u0T-gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&google_hm=2

43 B
766 B

31ms
30ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhiIj8zIATAB&v=APEucNUGk7cNLZxcW-RDSDWIZdgezncsb5NIRhFT6Xl_hg5gycXt9bvTd9ELd3DbhgjXgD4Rtu2jnwzGIkNJ4jb9rYi8yw7L0xeO9Ddi3SAtjW1nb3qvWRc8jCY9dqTdIP55sgXO3b9ezXXL35JHSSEFO-FBQnGSlfTojSZ4mfcha7QbqE6hm3I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Dec 2022 13:41:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A361
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMnkVHhd9WiWDwi2_qwc_pY&google_cver=1

43 B
1011 B

20ms
10ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMnkVHhd9WiWDwi2_qwc_pY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhiIj8zIATAB&v=APEucNUGk7cNLZxcW-RDSDWIZdgezncsb5NIRhFT6Xl_hg5gycXt9bvTd9ELd3DbhgjXgD4Rtu2jnwzGIkNJ4jb9rYi8yw7L0xeO9Ddi3SAtjW1nb3qvWRc8jCY9dqTdIP55sgXO3b9ezXXL35JHSSEFO-FBQnGSlfTojSZ4mfcha7QbqE6hm3I

Protocol

HTTP/1.1

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Dec 2022 13:41:35 GMT
AN-X-Request-Uuid: 2e8f6b16-ecaf-4f84-a6c7-22a4a544a1b9
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.44; 81.95.5.44; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMnkVHhd9WiWDwi2_qwc_pY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A361
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D

170 B
188 B

41ms
21ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 10 Dec 2022 13:41:35 GMT
AN-X-Request-Uuid: 7d433a3d-38b7-4c3c-b061-d0345c45b8c2
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D
Connection: keep-alive
X-Proxy-Origin: 81.95.5.44; 81.95.5.44; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 7156 30 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DofG-0bPgfZilWefpOzisdv8Bzc3Dc0-zbIcM3XM_cHhOmuV6nCMYxBWEqZ4BWVyj2a7BhBEhIaj2X2DcobotcGEgZZw&cry=1&dbm_d=AKAmf-DCmOSv6cy1KkeHWPUKdHpkVVOYgATtUQVsCWCgexAL1ZZknNWP6IpkXUGDcoHIdmcfmG0J2dMEGeW_bbKo-jENN4ttQ3ZCSzWVFQKkglf__A9IJNuBynzl20NQ8gvnauDap1vt2YJnKlpgdSxjpucIp5zCTFjofT0xzrOAWrRecYmYjhehBnvWpvMHInnh5ToH-DeO671LSRhRDnq88dlY-pVPjeBj5hm67keQVC8TYHa62FwEw0j__tLFJiCB3---6F4N_kKG0-gHd4T0iRJ0Bhn_CCPfu6iUPuMkZ4y_ha-sN7lVPRSqaxUlPy8Md12hKDs2afqaS5q-iZ7_saYnxdQK1seOTO8W2hBSRWF7d_FSF5PjGxTko8yXEdcxeowehOfK6OZCjyyMRkPrK_cEENviGJ5loMYh1eO-wjTpL-sLYNubgUnq1Bff7Omg3CYNY_EpvxTdSvXoqaj2peDP0JnI52ZmExCc6n8qnL_t4Ad2m3VXnMCc6CThnoQ-q1o83HRxwd-y0bD5q924ylkrZd3dLt293ylg08mqfgXJvblKAS1RM8Isxzu8kttj7TP0iOKnPiM0onxsIsFQZOfPoDOVR-xdyqX8o4VF_NENqiXN_BGDZVzX2KJ2cHZU5WSq7YfxxT_xA-2vEzFCRhi5WesAK_jH-7HXftEMlumTNHaPYWh7wT0Zv4m0Jb9vygNWet7Tes_HZKSrWVgHVuPCMvxhus_2WZG3XXp1Zinq9j-eztQ5StI5VL0LraytTzijj-1XeI6p_lrIR9knRbWcd4jiqrkXdEZnr0WZvMcrkCQcExaameAssRGMeHyud9ZtN-7Tc6nQtDHVhbnWfe-5F803d6Wa8-l96MB16D9_HkEp-8ro0QVMrMSn29xF_Io2uzHUugwVmAL5ZOxwg5WdRaGWbwW5eTIZhBpfVABUabXGShBRb1ebCDYLNuVDhVidS-engxmN0pMszS6W3X-EwEUCI6wx9gpMJE2wJYaoJ-pqLjyXv106AA4krU4ZxZk6FArOeI2U5_ES97LeKtRB9FXewIZ2MKZPilPY_tdPfZcSQaZymi71LNRUW4EOEM9xMStBIii5qvsMqZvC4NdRQRUR4ZmnKX1aiRToVh6KvE3MJxFJ1_SWC3xMQqelSVTTkoAqMkRHZcYhco25GeW5GeMExIBXJghf_Do221gjE0qs1A3mcJqp4RUdKmwSjSnvPJ7LCOvNgyz26QtbIb1AnXUMxNfrf_toyhTyzhV80WcLtHyIyznWEvd5Fd__GOHtluuqjnhM-u0cM63TRZ_-PxG6BxchsQNf7qER7qfiIjL0lC8cEkGZF8yJ-dYhKwP7IY6eNeKjffUkp5Dd9BftjPmkdTtNhmsoF2URcUi13IgVqWXm8gNuA1SI8jD--i3vgqDHbuKGM_hLrCv084PzpSs5BdJnWJ_L1joL7xCGovx0bJGCfRzi_CXhrfIRw9hrQfx6gLuEIePJNb5xwMF8jUASGMFlMFyhkMFiWZGnydh4CKratDbIasgyWda7LerGmxge6lMw4SXtvD2Bdh8qIGjg4G6QBGnrbvQPBsVjmy_7n1XswQUkYcnaoV3NWBMo-Y1sEK4yFXgjG7b6wUGfs39WC7BeCHM4qsFZqN4i69Uq18HiQLOiFvF4A_PzSlY8T5EG0CA3ZZG4jI7w_NLwbxBWEBh_HABdyUs0bPQTLP_61stDFG2hGUDEo7MO3wpGZvEtF7h2fYtjTthxGoZZsTQ-eNgoV3PmKElt1oHZwzkE-G60BAISt1ty7fNnNdTa61M1hBuPlrqLYgTtqXXcxSiuvosGOMb6YyfhsCZ-YFVlaw4valQjG5vhX3wHwlFuXRKRdrBj4kBhlg3C_oRp13R-r3hpfLldhsw2V-gYwDqskQ-cZd5ABED_jPZQBEo_OZDuHRsYKqiX4vzMgVo_kRBAiGc7BUbA07Lp21tpRL4PeZrgmgxWkSIch8GeI__QnTh3fduiggetHfvkYnPCPSdBwcGzbCZEG0teu7T4DmqybWAGlVPvyvLvxXWyyaWJfUg5RuADGSyKS10N7MVMvEiwYrU3cfx9fLSLJWNMyRxvaU9cGfI9wb-_LlKfc6kGfeYo6EoXg2yxm5iYbhaN0tbGZFAHXHzGniwMJXp5qV_iWJOlsy11CEUZh4KurmiZNZlXOk1rDgheqEj41P57O16CMMsyZbt9e-XJ1I1E06Mfatcp_pwTEWiME3cv7iPVBQnFZ6eFEacpxdiWWMt8YHEHoFm0Q8YeGn7-t-3YjPOTe8yALEozjsIH0Y1EaMErf-Pr3vd84BtSGuEjcKSUC0CKTA4K3kjJSgW9rIfM7pyDa3-8uxN2CecSjdkPL3Ym4wby_a2HmmjxtLpJekbRSw5Su4eehCPf7uBJ_y9yGoDAvwkymplHYKw6-Lc2QfSAKXKNuyzp1zxxGGaNr9qhiPpzm2OusNwQyPDoNTGzVMlBEnH-AHUbjOtQuKapQNVNkTe5RbLfnqvcLHA3FPe91pq7jrOUs08muCdkcSSioUPdlLOFhCf1ZMhJiKiLN1xEYVq5k93uRjSX8rnKuZc2avaVtRawYLrerMf0-Dgu3VZb22oZl-QbqUBdZfg4Sgm6b0U3rSkiZazi5I9SFoKjM8ySztIqif0Wd73mbaaU1OYGIHuqo-2nZvYG4_Rp1FZVINCP44twYAdxWkAxAKwiRpuYVkeklACnwmM60sJ97v1U9hbrUIpo8IrygJD9CcE8BVguIh9k-BwJyygGhfmtm7oO5GM68ICAR7sIDx9WEPYBktEmKdWtaoHN5B8t-sIk0YLQCSlY9YV6xjl2iZCDJlWBjHGVJFKY0P9tY40AbMXve2uK8I5on62YJ7saPTuVtkYxpN6EShf0BLTGiUfc0dXhfrD8sttczn0MUZjDweZZnsrM8TrnU0mpcR_l7xbJ5F0m39C1N-DjU3E29jABuM3i1U2QOc5XVI0yKb9IRO9HuQbTXHuI-w7LrSvWnIihHEsIy2QNJhpnIy7RAaTTq1y2xS3tyDhpKiOxZiiyoR6j_wlIIw4lQSqCMz89SeCsutA_knRAnGUZQ0Z5RnvAdemnkYHM9q6ktwEFWbmruCjvjSVsLPLkeSjq4nrgRaZQD599&cid=CAQSGwDq26N9NfrtoCTrDWxdS45xfi5Qbmcy9gsHMRgBIBM&rfl=1%2Chttps%253A%252F%252Fwww.proxysite.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 15:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79404
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 23 Dec 2022 15:38:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame 7156 8 KB
3 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 18:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70273
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 23 Dec 2022 18:10:22 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7156 0
0 93ms
54ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst-deVIQx_Sv2YssnuDoIWbISo49c0IiM1SilQzwEUszGB-ZgfYZegd3ilIKtVNc5MxMtYF7W5jksAOrA3Heo2WCZo0b14tG9gvWlcGM-W4H5PQ8TZ8YspgoRmeogeldKptwcpa_XS-DFbSONEaf2eXmadRGQEFk02cxtmvd7tWEWWoCQ0s9n-9-BoHiiIGvWbeosFHV9nqgleSBX4Es6f6oqNKMtMjCNQwWRkM3wlMI9-JPnUOnT0Mx0bh-6b14k2jCkzVI8UpzKvn6dKTr_3vtI43GONcxulmpuRSZuub5osC1EN4Hdtl7rtjdAUokxGG3cWTGcIM44amBc6vr31CP4NSxi4_6pOQU5pChts2zVgeEc3_fWDe2Tmpe2BYEqd9m2nXlIeJ6jwMf937YqreBAASWic9zfMo9LxqkFk6cGErE5bvEQC5ECTlgRvNZH4sHc90qc-ff4odbP2Rq57PUynSQbrNqmu0A5vwXDUoO8Wv19tyr2j3DcEADX86uLiPzipRDPBZvcLoORN-P405eCr6AcLA0RBGUwUjLgaA34aVcU-kgTMMQa4mgX2z9fMTg9nL1shWo9edM1kRWeP8i-uzrHO6TdkgpJIlBDYcBZCcXPWTDkL2IidVnRkwkNuaVUbM7V8_cfPwrikI9RsJW5woGmsaIrYzbPjFxu7k0vcdYFM1vWl_s0CUNc-K4nsgK4PmnDa3x9z6ddeGe2zSGcfII35enw5pMLC50D-msu3tMuUDYt3K985KVwqMRgzA7hR0NLmveVnYFInhEhSkJHFYgf1RyiGfEhIEPDsEoYwVIjijoVgzIdrSrW0nT-MkIdc6659uiENBq4kpQSUBhsoygwAAta7bQO7XT-14jruD0MckTT_VCcX7hS7d_aIGLHAxiCEFZ7QLsJmEYL0OrefoHUkrEL3LNYKkyHbojGXziP06MxPLOVrrbjskYHyLvqaqMDYxktpVEz1ezATOgCGUZN55tvJhM8UtY4SjSq84_tKQJDJBriBYGw5Rr3RvEMwMNcL6Yz-0uK1gk2h0SwmZQuVoCthZfLhZj7OBkgo82ak3pYEin0FwAOUsmx60rOA5Ka6ZLDS-NUqgOPY2BiT5zWhPxrJKSG5QgbeB9rh9bJTnQJupQVehe3YrxgQqrhESqlPRhbG-4DMMn8Iwl66GRxM9t9OEYriw86dTG2xO63xGWGMbSOCH0lwSt67eHrrV0vqJZI3gH_3Y9IOUxQTSXjZlkvkPYnU&sai=AMfl-YTjRLqkHbp7m95ap957IGNgIGn5O_PmoSbRD9rYRe3h8_wEfG-_DbSpj7gTuMJxf2EIfe_H0jz7d0XnUlgwYhMXbyMEORHYsSJ0h5y6bPBdqbsOAfQz6qybVbrBlOiZk5K9dScr5XCpTXBPNDBZ9ePGvSRTZNE_hZ2ByEoq9E6hzwpsJSu_J1PsCsVazkpSeA9ay1mX0ATsmtU8oA&sig=Cg0ArKJSzKKmkMZivlYrEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221206.76444&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 10 Dec 2022 13:41:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 10 Dec 2022 13:41:35 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7156 41 KB
15 KB 40ms
9ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 07:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110110
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 07:06:25 GMT

GET
H2 200 3224642712769903581
s0.2mdn.net/simgad/ Frame 7156 22 KB
23 KB 62ms
9ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/3224642712769903581

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82a6d26513f870f1310630d34c6022c40c132836db8f66e39d01e681eebf9e75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 05:18:28 GMT
x-content-type-options: nosniff
age: 375787
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22956
x-xss-protection: 0
last-modified: Fri, 14 Oct 2022 10:17:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 06 Dec 2023 05:18:28 GMT

GET
DATA 200
OK truncated
/ Frame 7156 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52e0b60d9d90e80f1d001f4bef8926e0e1782c46dcd2a998fb81cb33632e683a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4E74 22 KB
8 KB 13ms
12ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 583333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 19:39:22 GMT
expires: Sun, 03 Dec 2023 19:39:22 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7156 0
0 52ms
52ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst-deVIQx_Sv2YssnuDoIWbISo49c0IiM1SilQzwEUszGB-ZgfYZegd3ilIKtVNc5MxMtYF7W5jksAOrA3Heo2WCZo0b14tG9gvWlcGM-W4H5PQ8TZ8YspgoRmeogeldKptwcpa_XS-DFbSONEaf2eXmadRGQEFk02cxtmvd7tWEWWoCQ0s9n-9-BoHiiIGvWbeosFHV9nqgleSBX4Es6f6oqNKMtMjCNQwWRkM3wlMI9-JPnUOnT0Mx0bh-6b14k2jCkzVI8UpzKvn6dKTr_3vtI43GONcxulmpuRSZuub5osC1EN4Hdtl7rtjdAUokxGG3cWTGcIM44amBc6vr31CP4NSxi4_6pOQU5pChts2zVgeEc3_fWDe2Tmpe2BYEqd9m2nXlIeJ6jwMf937YqreBAASWic9zfMo9LxqkFk6cGErE5bvEQC5ECTlgRvNZH4sHc90qc-ff4odbP2Rq57PUynSQbrNqmu0A5vwXDUoO8Wv19tyr2j3DcEADX86uLiPzipRDPBZvcLoORN-P405eCr6AcLA0RBGUwUjLgaA34aVcU-kgTMMQa4mgX2z9fMTg9nL1shWo9edM1kRWeP8i-uzrHO6TdkgpJIlBDYcBZCcXPWTDkL2IidVnRkwkNuaVUbM7V8_cfPwrikI9RsJW5woGmsaIrYzbPjFxu7k0vcdYFM1vWl_s0CUNc-K4nsgK4PmnDa3x9z6ddeGe2zSGcfII35enw5pMLC50D-msu3tMuUDYt3K985KVwqMRgzA7hR0NLmveVnYFInhEhSkJHFYgf1RyiGfEhIEPDsEoYwVIjijoVgzIdrSrW0nT-MkIdc6659uiENBq4kpQSUBhsoygwAAta7bQO7XT-14jruD0MckTT_VCcX7hS7d_aIGLHAxiCEFZ7QLsJmEYL0OrefoHUkrEL3LNYKkyHbojGXziP06MxPLOVrrbjskYHyLvqaqMDYxktpVEz1ezATOgCGUZN55tvJhM8UtY4SjSq84_tKQJDJBriBYGw5Rr3RvEMwMNcL6Yz-0uK1gk2h0SwmZQuVoCthZfLhZj7OBkgo82ak3pYEin0FwAOUsmx60rOA5Ka6ZLDS-NUqgOPY2BiT5zWhPxrJKSG5QgbeB9rh9bJTnQJupQVehe3YrxgQqrhESqlPRhbG-4DMMn8Iwl66GRxM9t9OEYriw86dTG2xO63xGWGMbSOCH0lwSt67eHrrV0vqJZI3gH_3Y9IOUxQTSXjZlkvkPYnU&sai=AMfl-YTjRLqkHbp7m95ap957IGNgIGn5O_PmoSbRD9rYRe3h8_wEfG-_DbSpj7gTuMJxf2EIfe_H0jz7d0XnUlgwYhMXbyMEORHYsSJ0h5y6bPBdqbsOAfQz6qybVbrBlOiZk5K9dScr5XCpTXBPNDBZ9ePGvSRTZNE_hZ2ByEoq9E6hzwpsJSu_J1PsCsVazkpSeA9ay1mX0ATsmtU8oA&sig=Cg0ArKJSzKKmkMZivlYrEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=74&vt=11&dtpt=73&dett=2&cstd=0&cisv=r20221206.76444&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 10 Dec 2022 13:41:35 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 4E74 36 KB
16 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:13:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Dec 2023 20:13:42 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4E74 0
20 B 316ms
316ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BD14Gj4yUY9itBbyzx_APsMCOkA4AAAAAOAHgBAI&bg=!2tml2Z3NAAYgquz3AKo7ACkAdvg8Wuhg9R9AEXGTBCrNhYXZBSjdIC8-LMILkpPbVKTKZNXYY1dVpgIAAABRUgAAAAJoAQeZAtPM2sD5Yh2O1cKKJ4lA2wRt4hZwvFL-E5BbUVdiMz7nc4gjXvXvpZQDfacq55ibsKtgkjj_Ypz4dxqY61oNAXSeU1vi0Z5bvXZnxUD50-1988WR24rBqnrAf8NlK3-iKKMd7Od0Q8z1dXp_RhBQrLFcfnIPqJKUA4vi_fOW7QXGrtQP3mmtDrvqg3gCpuG8ck844WgfMvfFV0dpCjeXPnkdH3mue4w2eTrldzAKzZr_jFaix3HidJaHFNXCV7kbpaMwbMnWevDFxeYGnNQDkPifGVXPeFkRMdUkBcpiXM_4Mw3NgRnqrOyJkqbZVYe_7-U3bduYjKaXy4wSA6vXQjCv7BxDK-7f0HsfBmwmSzTYXeDrVVc8JzLWJqg6-y4Br1f2FT2iOiA3l_kUc1yysEJkCb1RI_-dIZROiRhoLcsMzMoggsDOAJQYLK8NYC2e7oLIGBHlOCBNAVc1W_zMaVKAQiwQYwDht4i3kgEVumtWvIdnB03SEPgW2-SnoIWuDIfoLgXWwd11OX_uD2GObDWodAaNA4JqIAK1MfogXZN9nYXCC4PK4X9WReGhBQcTnNM0CQV-O3bxRy2HkAt6_pV58WK-rLhqUUFE-gguff5HBaIW_IFj8JSzMqWBc7gUuL1bHDqcTnpg92XELX8Lc-YQ7_m4OIOL-U1YKetNPcV8PPam8aIRAYm3T_2hfQ6MdBXN7-k_xSWySRsrKtteS8ZOdb2LUCfNxOb5CmA_Osyx0f0ECv0hE2FM9RDCC84ii_ALPiNIQTOJMmI2d68tqa7PyaUJEscKnesglmjN_Nex_4Xe1CBXys9N5uBuXtNe0ahVdlbniIfuQUHUZeUX6NYbx1U5w4LKAAmaHBRu0VNbHRm0EdSLZaN1yx4BkDwBBR-GtRf3UIppoqLG8udCZiKTa6oOnYQ4BqqyfiKJZwa8xhZyQMa4tAYYrNjVNS-sRTJAcw0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 08B8 8 KB
967 B 45ms
18ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=4344332884&adk=523175106&adf=1005968846&pi=t.ma~as.4344332884&w=990&fwrn=4&fwrnh=100&lmt=1670679694&rafmt=1&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694507&bpp=1&bdt=441&idt=203&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=702&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5tgV7FHqpv&p=https%3A//www.proxysite.com&dtd=209

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 10 Dec 2022 12:30:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 10 Dec 2022 13:41:35 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 08B8 2 KB
765 B 8ms
7ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 08B8 23 KB
9 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 08B8 3 KB
1 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:52:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 08B8 18 KB
7 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 08B8 153 KB
47 KB 47ms
26ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 13:41:35 GMT

GET
H2 200 148b897ed20242fb53e65c70a8c63c89.js Show response
www.gstatic.com/mysidia/ Frame 08B8 34 KB
15 KB 40ms
11ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/148b897ed20242fb53e65c70a8c63c89.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a49f15294007bad4031449fd145bfe309092999eebdb428925aa0403215f56d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:17:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62618
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14307
x-xss-protection: 0
last-modified: Fri, 09 Dec 2022 19:06:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 09 Mar 2023 20:17:57 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7E4D 8 KB
1 KB 31ms
17ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=2867599685&adk=3927345067&adf=3573213364&pi=t.ma~as.2867599685&w=990&fwrn=4&fwrnh=100&lmt=1670679694&rafmt=3&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694504&bpp=3&bdt=438&idt=179&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&correlator=3865945769356&frm=20&pv=2&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=w7gBRT2nY4&p=https%3A//www.proxysite.com&dtd=199

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 10 Dec 2022 12:22:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 10 Dec 2022 13:41:35 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 7E4D 2 KB
765 B 10ms
8ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame 7E4D 23 KB
9 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 7E4D 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:52:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame 7E4D 18 KB
7 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7E4D 153 KB
47 KB 50ms
41ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 13:41:35 GMT

GET
H2 200 5abbe811e7745ada511aeaa994a13f9f.js Show response
www.gstatic.com/mysidia/ Frame 7E4D 34 KB
14 KB 37ms
11ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:34:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 403615
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 20:45:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 21:34:40 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 08B8 0
0 57ms
54ms Fetch
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CcuVkjoyUY4bXMMLdhQaZ-oKIDMnmrsBth9yl7JMR9qvyjPg1EAEggfOTKWCVgoCAuAegAeenmN8CyAEJqQKaklmJ-a6xPqgDAcgDywSqBM4BT9CX_3E-IaEbtDx4L1S7eaHx1KtN5SSiMOkLmSr5QMUK09JNvzt3-x2ibCw_8dRCudLBykperIEzW2lUwemN7boDIPJDGL17Rcgzd7Ndx_GjPIpDOnhGZ5coa2BQMPAYXJEQOUZn2wp9WTSZQ0DIoA2vHirDGldmPqo73-3Oh8p9hq-W0SWz5xFyYucwPUXVggQQKTIW6H3nYRV7pvb780M3xsWkdEJlmm0CUHqx7vGD8YSmZyOnFBWV6Mv4k-UCe439JduSDprOVZd8xKTABKCgkK_eA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeB2OegAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEELz2CNIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTUyNzEwNTIwMzM3NzY4MTEYAA&sigh=KAKNNg5rDKM&uach_m=[UACH]&cid=CAQSGwDq26N9c8CjtSbKO8G_knL4re1CJnuoR33sohgBIBM&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=4344332884&adk=523175106&adf=1005968846&pi=t.ma~as.4344332884&w=990&fwrn=4&fwrnh=100&lmt=1670679694&rafmt=1&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694507&bpp=1&bdt=441&idt=203&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&prev_fmts=990x280&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=702&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5tgV7FHqpv&p=https%3A//www.proxysite.com&dtd=209
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 10 Dec 2022 13:41:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7E4D 0
0 62ms
61ms Fetch
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C5w9kjoyUY5zGMMrHhQbAhp0wyeauwG2H3KXskxH2q_KM-DUQASCB85MpYJWCgIC4B6AB56eY3wLIAQmpApqSWYn5rrE-qAMByAPLBKoExQFP0N1whKHE5Fef4aKJAbJppof3XLnOp_zBSHznNcJ_i84OPUXhkENWEoipHnB8NVr1Dn2-MgS441LzwSwwjlVSO2lAZI9JdR1a4M0XduZbbthrn1p11xkH8zp2E5_LnHJ47t_ERBFq2VZ7x8xuEtICSL4jgIc0NcrZHYCY5AD7Q92AsSSt8x6BSgG8Pep8MG2P78MnoJgoctN1SjsfSBIL0eMv4MWjEylyCW5OjIOgvelIQCMusT3KSfZ8m-qOF6NyQGf9kcAEoKCQr94DkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB4HY56ABqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQgOAc0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItNTI3MTA1MjAzMzc3NjgxMRgA&sigh=NzOdYTMWh-U&uach_m=[UACH]&cid=CAQSGwDq26N9U3HzVZLcV5Twmd7rEfCDiR8aE8Ye2BgBIBM&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&slotname=2867599685&adk=3927345067&adf=3573213364&pi=t.ma~as.2867599685&w=990&fwrn=4&fwrnh=100&lmt=1670679694&rafmt=3&format=990x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679694504&bpp=3&bdt=438&idt=179&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&correlator=3865945769356&frm=20&pv=2&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=305&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoepE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=w7gBRT2nY4&p=https%3A//www.proxysite.com&dtd=199
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 10 Dec 2022 13:41:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16219658952005295331/ Frame 7E4D 25 KB
25 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16219658952005295331/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96ea283c1c37c5d7d4177bb32764f2873c8c9ef60923b637091f7afb1eac94ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 16:32:47 GMT
x-content-type-options: nosniff
age: 421728
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25091
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 14:53:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 05 Dec 2023 16:32:47 GMT

GET
DATA 200
OK truncated
/ Frame 7E4D 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 7E4D 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 2728354180183721846
tpc.googlesyndication.com/simgad/16219658952005295331/ Frame 08B8 30 KB
30 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16219658952005295331/2728354180183721846?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29aba457c277278516480abb675c844f12e33896e08eafb34e06695ebeeef761

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 14:48:35 GMT
x-content-type-options: nosniff
age: 82380
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30455
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 14:55:05 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 14:48:35 GMT

GET
DATA 200
OK truncated
/ Frame 08B8 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 08B8 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212010101/ 150 KB
51 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212010101/reactive_library_fy2021.js?bust=31071114

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51a35ebb062650129c3038e329bfe25e4b9bcf3321d72db8f5c5252a941f5c3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52346
x-xss-protection: 0
server: cafe
etag: 5006019858124894608
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 10 Dec 2022 13:41:35 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 36ms
17ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.proxysite.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 37ms
18ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.proxysite.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D2CD 430 B
228 B 341ms
341ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=280&adk=3625593270&adf=3099719705&pi=t.aa~a.4226026281~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x280&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=-M&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0&nras=2&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1451&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=uVdrXmgAkG&p=https%3A//www.proxysite.com&dtd=10

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

79af1c7d417111ca1837292eade82e2c883c554186cca89f3596fe9f1c5a2b4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 208
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EC5B 30 KB
11 KB 574ms
574ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=-M&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=k2oU7sPbbQ&p=https%3A//www.proxysite.com&dtd=15

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb1feac2e4b6b86b88a35923ed328f0b9d492bfb00dbd7d9c320814af4cb3070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 11178
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3BF0 430 B
229 B 402ms
402ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=60&adk=2093842954&adf=3560341080&pi=t.aa~a.4080220755~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x60&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=0&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280%2C1200x90&nras=4&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2738&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=v5pUuGal0t&p=https%3A//www.proxysite.com&dtd=18

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71524570c2a41dedff7cad78ef11eb54c3957b23c4f64643fa04cb6a42b46782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7E4D 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56e169a3aa9b1abf9dfebf24cfdf4f3f50a86305cf3de816532400ddd39197e2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 08B8 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80646f36094e746583b08d8f8dae1eb995726897032682e381592bc1ff6041fc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 08B8 28 KB
28 KB 37ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 21:35:41 GMT
x-content-type-options: nosniff
age: 144354
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 21:35:41 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 7E4D 28 KB
28 KB 33ms
16ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 21:35:41 GMT
x-content-type-options: nosniff
age: 144354
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 21:35:41 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame CB29 36 KB
16 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:13:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Dec 2023 20:13:42 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 3AB8 36 KB
16 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:13:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Dec 2023 20:13:42 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 19ms
18ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.proxysite.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.proxysite.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/ Frame E5E8 10 KB
4 KB 8ms
7ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 69743
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 18:19:12 GMT
etag: 10353107486223812946
expires: Fri, 23 Dec 2022 18:19:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 1eaa1e49c6d827e7897bafa951c60a71.js Show response
www.gstatic.com/mysidia/ Frame E5E8 9 KB
4 KB 34ms
16ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1eaa1e49c6d827e7897bafa951c60a71.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a983ec1308781984ea4503dd1c4e1317b2b48dcb17dd1a6e68df68560951784b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 22:26:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 400493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4197
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 20:45:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 22:26:42 GMT

GET
H3 200 890d6e0a5dc19f9d14ccf82aa8feec6a.js Show response
www.gstatic.com/mysidia/ Frame E5E8 10 KB
4 KB 34ms
16ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/890d6e0a5dc19f9d14ccf82aa8feec6a.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981792df4c11fb32fea9720db6c7c82dd96da4247fd29ff170b53903e116eecc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 22:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 400470
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4446
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 20:45:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 22:27:05 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame E5E8 8 KB
895 B 44ms
17ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 10 Dec 2022 12:24:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 10 Dec 2022 13:41:35 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame E5E8 2 KB
765 B 12ms
10ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame E5E8 23 KB
9 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame E5E8 3 KB
1 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:52:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame E5E8 18 KB
7 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5466
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E5E8 153 KB
47 KB 30ms
28ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 13:41:35 GMT

GET
H3 200 5abbe811e7745ada511aeaa994a13f9f.js Show response
www.gstatic.com/mysidia/ Frame E5E8 34 KB
14 KB 25ms
11ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 21:34:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 403615
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14213
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 20:45:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 21:34:40 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12688093403216609526/ Frame E5E8 4 KB
4 KB 10ms
10ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12688093403216609526/downsize_200k_v1?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7275f0fb8158cedd2aca99a9bb760d297331473511835855cf2614badbef18ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 07:26:48 GMT
x-content-type-options: nosniff
age: 108888
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3610
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 10:45:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Dec 2023 07:26:48 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E5E8 0
0 51ms
51ms Fetch
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cdnf3joyUY8StMYj8hAbji4ygBY7F1vhlypCWj9oP2dkeEAEggfOTKWCVgoCAuAegAdXz-NIDyAEBqAMBqgTFAU_QBwmgeMEq-5YpT3Ypgz6DM0xIciKbXrdFtE37KwYFavIykpg1ZT-HBiNqgxjsn8nfwg79PS-8Ev8ZSg9RQPfhAgLdTHevc9nVglYfHROnBoZtKMjPMi-r_oN0IR0TVzWiWev8gnnrjZwBMgW1-w-clHVUnBz4U6K7foiOpDjpUTfk1lUafE82aqrIm1YnZYuYcM4GrHf7jgNmZgDfidiplks2siNt_SQZYxbvoHKzzLaenp7H0I-Gago6QVjPMUioaqnBwAS4kp7BtAGSBQQIBBgBkgUECAUYBIAHk4yHLagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEI3ABNIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTUyNzEwNTIwMzM3NzY4MTEYAA&sigh=0g5LMXDBpOg&uach_m=[UACH]&cid=CAQSGwDq26N9d_7XbuitGnibnJshEVspuOEVKRDrPRgBIBM&template_id=5001

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 10 Dec 2022 13:41:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DC0D 143 B
166 B 9ms
9ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 772
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:28:44 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E5E8 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a96d66fca93a80f81afa6efbff759408764273a8820529cade3aaf6c8bdfb3c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DC0D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

17ms
16ms

Document
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:36 GMT
expires: Sat, 10 Dec 2022 13:41:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:36 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8952 624 B
245 B 47ms
45ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhj33Ma7ATAB&v=APEucNXxcig9GrcjO3OYyZ6mSaoPzcFF75Do04govZ9F6bRRdHlKtwl6KOIJoR8_8fMEA61r71-83ks9Jsft3h7OpRWrZYGa4MIcCq0V5qTmAVoU9AdWxU58wD4eEs3SoqOvhOB0J-JSK1u2SpLKiQP-4WaDY-w0ctC_ntmSLvtZ1l2H1MfSTHs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=-M&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=k2oU7sPbbQ&p=https%3A//www.proxysite.com&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=-M&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=k2oU7sPbbQ&p=https%3A//www.proxysite.com&dtd=15
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:36 GMT
expires: Sat, 10 Dec 2022 13:41:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E7DA 76 KB
27 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

def1424f4f259a4cf927fe1f7ea7ec24bdc2fc78edca55fdb593cc0c293dbec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27387
x-xss-protection: 0
server: cafe
etag: 15442950961169408521
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 10 Dec 2022 13:41:36 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame E7DA 3 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:52:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/ Frame E7DA 18 KB
7 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7480
x-xss-protection: 0
server: cafe
etag: 15631949847000551034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame E7DA 0
0 316ms
15ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ5PBQ-fl5GdDs1GVxZ40-_2hdlnCnAJddiLukB_1VME5pstb5DydZwOCpk_uW5jS6i0ccsg8bz7pcKHtv5NZAnRIh4Wg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=-M&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=k2oU7sPbbQ&p=https%3A//www.proxysite.com&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E7DA 153 KB
47 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47725
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1670417373259609"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 13:41:36 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame E7DA 23 KB
9 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 12:10:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9443
x-xss-protection: 0
server: cafe
etag: 9828741834572772835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 24 Dec 2022 12:10:29 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7DA 42 B
63 B 152ms
151ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CcBolvmWMUJJjVpi1OxP_27QlYlfbBQ2X-9BbSEcfrMKoyFkml-9XSAT0OC0UPdRkflxfSPqmSJXfQelJmKqp-PPKbKGVABvUAPbFcdFEZISSs4wk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7DA 0
20 B 151ms
150ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15537589476308005678&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8952
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1

43 B
766 B

16ms
10ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhj33Ma7ATAB&v=APEucNXxcig9GrcjO3OYyZ6mSaoPzcFF75Do04govZ9F6bRRdHlKtwl6KOIJoR8_8fMEA61r71-83ks9Jsft3h7OpRWrZYGa4MIcCq0V5qTmAVoU9AdWxU58wD4eEs3SoqOvhOB0J-JSK1u2SpLKiQP-4WaDY-w0ctC_ntmSLvtZ1l2H1MfSTHs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Dec 2022 13:41:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8952
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y5SMj0KTbuXQr4l8.u0T-gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&google_hm=2

43 B
766 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhj33Ma7ATAB&v=APEucNXxcig9GrcjO3OYyZ6mSaoPzcFF75Do04govZ9F6bRRdHlKtwl6KOIJoR8_8fMEA61r71-83ks9Jsft3h7OpRWrZYGa4MIcCq0V5qTmAVoU9AdWxU58wD4eEs3SoqOvhOB0J-JSK1u2SpLKiQP-4WaDY-w0ctC_ntmSLvtZ1l2H1MfSTHs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Dec 2022 13:41:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO0ymHK84SRTMSjN5xM46g4&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 8952
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMnkVHhd9WiWDwi2_qwc_pY&google_cver=1

43 B
1011 B

16ms
16ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMnkVHhd9WiWDwi2_qwc_pY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhj33Ma7ATAB&v=APEucNXxcig9GrcjO3OYyZ6mSaoPzcFF75Do04govZ9F6bRRdHlKtwl6KOIJoR8_8fMEA61r71-83ks9Jsft3h7OpRWrZYGa4MIcCq0V5qTmAVoU9AdWxU58wD4eEs3SoqOvhOB0J-JSK1u2SpLKiQP-4WaDY-w0ctC_ntmSLvtZ1l2H1MfSTHs

Protocol

HTTP/1.1

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 10 Dec 2022 13:41:36 GMT
AN-X-Request-Uuid: a8fa4e4e-ac67-4de2-bd0c-257966fdee14
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 81.95.5.44; 81.95.5.44; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMnkVHhd9WiWDwi2_qwc_pY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8952
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D

170 B
188 B

19ms
19ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 10 Dec 2022 13:41:36 GMT
AN-X-Request-Uuid: a6f2a3c7-70d8-41df-8880-1f7778c25e84
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D
Connection: keep-alive
X-Proxy-Origin: 81.95.5.44; 81.95.5.44; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7DA 0
20 B 153ms
153ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1980374491444&version=m202209210101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7DA 0
20 B 151ms
151ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1980374491444&version=m202209210101&ct=76&x=1&cor=15537589476308005000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E7DA 86 KB
35 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CRXeMpJty6NW28XrxySzYAvQRHq4tYSM_nPfMeDYT6yJqNnv62Mg7QKjGcJZjRZgzFHkXOze5wjMUmUyd1ta1qZA_L568uU5m3hj2waO1WKEoyF2CIwG7iHSkILxX1g5251E5_67ZoAuc0Wh1ckSINa5kRX0HS5hepHLlAAmd0wEyxD1I&dbm_d=AKAmf-ANLyUo-4nEVZ29HFTBtW_iqXR09J3potcqI24axT7oCdGjVj2uHcqAom0AlwO5N1SaoGPjTY_W6yJWZruUWILT5wxUElCPBCxqC7shdzvWS3nhBA_Si-9nU7ZYoikDMHY68wPmvgSvWqyaqi8p_Siyo6CiktB3BsBNdFOnu9EYljCC1zXHaVLzOc35LhJkJlIasxhSYb8wxFss-ZzBr99mDyBT2nhxRH-_2RimCKK3qkC_I6WEFf1bVCe3Sj436ftoBjF_-XRdD2Gt8B28dwzXAskShob_Xh3tEqBwBXQg4elRu1VPAX5RVQ4eOQvgE2K6Xwc2j-qKbimI08f3TFlRPGbn_i7HfBlVu5KPKsXpdUqwr8e4-o4UgjRA1EUD8L418YoNxbOIQiPxXTi33s_oa5FA9echS807wivQF9slxNRCJ2xFw4yK2wrDgLKlzSPHxy-ue1ShkOlofyAoCAGYhOg-aCXNo1EgspBhAz3k8jyNyN42rm7Z_R2bYbKcjeQoNSrmP_5R-URfOGD66plcGG2VcpoCulnCyetPMWSezWfJk74Mbc22zhDGnwgGR8rIZtgw67816_fkLa33E0LuRVhNE1BIkImO2Q1UzC63PwTwOeOiAj7VyIM2DFZnjLSp9CUP0lGQQ63TIhJcWb095I5YIEW1G5QHGIDNbXoXMOO7luyk1pfjgeXGfOguO-SKdVmyCUudp2yAHLtt0lW5csi_b1YoidAbtgoI44KIQjCGf9oRV-FNCj2DkF2dBQWtvzcQRd930GvaZATkh-iUOgaesRmwySl3HFewrpSpYDckKc1zxCfQlwBQWjYlA-fjKOUAQOrfyRwA6bt-t3XTUqMotKste8CNCQsf8F3ecqRWaSuWyEsrDHMtZ1Hs4nU3evmwSKGPtxgJubD4HFZkMc5btcDtv_ypT5f9RqgMQj3Tj8JhIDDLQP-dT1WvfWMa5jOS6j-7-ZuyaMOSjaLb156vU5MbR5H4F-QGloONLvgwmkNbBMzM6KZGsQNhNsP83USrz97gjZxqyFWCNSejraMyZv4h_G9t5cYMpu_caSYC4hC8F8BHte4gZ5SmqkuuQkEmcdYBvuhJWDQ2wFP10ybPH0bLH2FGvuEqBvuzXXxby_quVwEK-uSOo-fV7Qsgc2UDhA_2CUXboH5RulhcK1tiBkRq8MF9CilYMQjJfOEEl4qM_gD61xLGpwww5mxz6olE8TDZL_cUYn2SYCIlOB_dyCpcBTmYVR3NNNfaBanr2suzMEfnt-ZgdNWmPMb3gUIJPx5mct1mqlOmWUST56m9Q1Snh-FLk3duN6MZ9IeL9s_ToTU46DsFyVW68_E2EC64LOqUg2foEdXERd5zzwoWVIJjSw4zbF3lILwtgSvOQ6TscfwBitCADFvxdVB5WexwVRd7VOr-ZZjCSlgxbsNC424MkVRh_P3YFzdQDEtMW7ox4Cyp2_wnlkf3a57_jhPOruM9bhmRbEMslxOOJDo9nCx2fmuGO74K-DlXGglYjztq6z2l2Or_U-_1NerTSTix6gNQEwUpl-guN1fDQEVjp15K8hsR20CjvWEoWbHAhDI5K7vb9BzPMJwFEYmc0Vrnm5uFCpa-7uweZJAYxR5jtutOpXcQ9iah3swWSyxHgaXQmYS63Q1TmQ-LX24qzD1VQs1zsqdxNXlh2EaP5dnAFDv9A1gC8CK6Y2iiupamHJ_TMzqfIpWBeZijT6V77v1yMYRuU0MMBaH4OWEelZ-jAASoKiHeJAR2xM2hsNCNoEo1xXpq4gl362zDE6qS1u3y27Qjzng-PkKfibIYJddPw_Fvr5ePobkJ5_8z7xasEb8Z_-H9kJoP-XVpYUC-YzvAe8-7Ci_puD5C0tOEBu2dnXJ1sjQ0Iv_ZuBmtS6FypStgA8yTe-qTImNYPz54hsgp0r3ehkGqNVaD9GFSfsHDohvBGlom4xbKUuNO_8oepkislUr303VMxJ32Fi3bD_Rw4yasIODyCDsGqnH0w4QwYWlqUmz_xEi_FrPmEt6NHhy2EoJBgFUe8yyvxdPCLo5n1MHTKOx6n_nryIh5bPXt5l23d1t4jDi1OUXJMKR9lk1AcYTcoVw6TlhI6J4oUHpOYjMUSvrUyFmijKHUcG2f9RqFUQtuPOo8Q1H2Umm19KqmanDOiV7ZVfbN2Pi8j4dN-4NPyRfEox-u4JtsNMvbb87SqsYIrpywkesqHLVD736SmGmarABL6DJWoVe8btw0iDa1uQfguJBNJMycQvbnXfyWKigPdwZh6zuaJ7bEz-oEvkGJzQhP520x5UZfDdnohCtNKLS1c8sGqZd-QznxYsvtxiiJG-D6vR-EpXCb7nuLkqOrQ68XEMWT7PcHEv973jMF7NbWK9-GrDu6h89FymMyoUe9KZT8XAIGWs_NBfouq5XrA0lBECMUQDM9cT_zioOEouvE5Ny1MtUgSkECO5JPz79z6Pe8Io0Oox1ksOk6MCPPQlVX4Q1du55P2NegUv0lqhCw56qPRkZ6IizhIQ9ZnkYun2h5PaW5DzbJ-m7hKrBbXnRV7RgRQNIylG_m7WyIRwE1ZFCLoU83w6PszXzawl3IAO7pnRkpgmY1HLqcx20JPsDoS9Ic8TXwK7BJfK2UWUfeFhzHC3niSMcOWnY361hdTQqIJaKqbsmyp57Z-0DnQ8i3VeDnXCq5W2TPYtIR8hZXJePE6ShItPvhFOeSx0XPdmgMGfppEhvvd7XMxq1ZRvxAv5CtAcNgE22WyWRLXaBpwnteaZKlyPOMHfTEH3If43iyWPCLeFNrf7QNFf9NzkXUrwR79-uIoPaE2kijhwTQdX99WioPXDg0Hu5sTqBrcDdrRtA1haIuixKme75-Z9_uVygX0bltMmU1W7jvN1BqFB1FVXge0TYjV7SwwTHje2A03S3qhy39n4q1Y9NZ3HbrJTt9oMaRZrnAYkbbrpCROB_x4hZAronkpSf9T2y013FRsAWklHlqEr2dpJCCo-KaYhhMEErl5jnEU4hGl-j8_KeZRIJdg4CrO3hT5vEo_koOwE3ZUYieYg9lm3Qx433PI_GbKa7Y4eWRyojCW6AOATl53p05tum3FU6afZ8gaBZGlnXCB2oZYmzi8ZcciS8l5ByYVVTdhhpUKlMuGo2dCXIm-lP3BGaAJp4y4AKZmTBWTxKeqKC5YY6_XxD5WBi3YpRRUBUBsdhI6Db2QAx0BB_1Gw4dRvk1VjuNOJ0QZ-iySLJ8v-iMtUUZOglwrI8NAhUx10LBQfn4LUD4r5aBCFB3iI4Cm5ULyCjye026kilr1Sd9fFJ64rR2--mb-XqRFqQsAzox18codRu3uPJDzc_NewpaI-U3_AX8RYLslxenTF2rMWvrLc3wBKsVuaDY2Ab8_dsSU__oZfbkvVs5V8RMOjLHHqRTHAYkFrACJnCqxsFE7eLK2kY&cid=CAQSPADq26N9o2o7EtWgumJYXrLTii79oiOjFeo4FD6PvyEloZL89B4FajsoFN6bpZrXJAVLBsC2N_D99Ca5LhgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fwww.proxysite.com%2F&ds=l&xdt=1&iif=1&cor=15537589476308005000&adk=2935317967&idt=81&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

008d21a14033718a78a3877537abbef73a7e1796d448823ee6e7ef5162bc2411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=-M&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=k2oU7sPbbQ&p=https%3A//www.proxysite.com&dtd=15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35740
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame E7DA 170 KB
59 KB 28ms
10ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12647
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:49 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/ Frame E7DA 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CRXeMpJty6NW28XrxySzYAvQRHq4tYSM_nPfMeDYT6yJqNnv62Mg7QKjGcJZjRZgzFHkXOze5wjMUmUyd1ta1qZA_L568uU5m3hj2waO1WKEoyF2CIwG7iHSkILxX1g5251E5_67ZoAuc0Wh1ckSINa5kRX0HS5hepHLlAAmd0wEyxD1I&dbm_d=AKAmf-ANLyUo-4nEVZ29HFTBtW_iqXR09J3potcqI24axT7oCdGjVj2uHcqAom0AlwO5N1SaoGPjTY_W6yJWZruUWILT5wxUElCPBCxqC7shdzvWS3nhBA_Si-9nU7ZYoikDMHY68wPmvgSvWqyaqi8p_Siyo6CiktB3BsBNdFOnu9EYljCC1zXHaVLzOc35LhJkJlIasxhSYb8wxFss-ZzBr99mDyBT2nhxRH-_2RimCKK3qkC_I6WEFf1bVCe3Sj436ftoBjF_-XRdD2Gt8B28dwzXAskShob_Xh3tEqBwBXQg4elRu1VPAX5RVQ4eOQvgE2K6Xwc2j-qKbimI08f3TFlRPGbn_i7HfBlVu5KPKsXpdUqwr8e4-o4UgjRA1EUD8L418YoNxbOIQiPxXTi33s_oa5FA9echS807wivQF9slxNRCJ2xFw4yK2wrDgLKlzSPHxy-ue1ShkOlofyAoCAGYhOg-aCXNo1EgspBhAz3k8jyNyN42rm7Z_R2bYbKcjeQoNSrmP_5R-URfOGD66plcGG2VcpoCulnCyetPMWSezWfJk74Mbc22zhDGnwgGR8rIZtgw67816_fkLa33E0LuRVhNE1BIkImO2Q1UzC63PwTwOeOiAj7VyIM2DFZnjLSp9CUP0lGQQ63TIhJcWb095I5YIEW1G5QHGIDNbXoXMOO7luyk1pfjgeXGfOguO-SKdVmyCUudp2yAHLtt0lW5csi_b1YoidAbtgoI44KIQjCGf9oRV-FNCj2DkF2dBQWtvzcQRd930GvaZATkh-iUOgaesRmwySl3HFewrpSpYDckKc1zxCfQlwBQWjYlA-fjKOUAQOrfyRwA6bt-t3XTUqMotKste8CNCQsf8F3ecqRWaSuWyEsrDHMtZ1Hs4nU3evmwSKGPtxgJubD4HFZkMc5btcDtv_ypT5f9RqgMQj3Tj8JhIDDLQP-dT1WvfWMa5jOS6j-7-ZuyaMOSjaLb156vU5MbR5H4F-QGloONLvgwmkNbBMzM6KZGsQNhNsP83USrz97gjZxqyFWCNSejraMyZv4h_G9t5cYMpu_caSYC4hC8F8BHte4gZ5SmqkuuQkEmcdYBvuhJWDQ2wFP10ybPH0bLH2FGvuEqBvuzXXxby_quVwEK-uSOo-fV7Qsgc2UDhA_2CUXboH5RulhcK1tiBkRq8MF9CilYMQjJfOEEl4qM_gD61xLGpwww5mxz6olE8TDZL_cUYn2SYCIlOB_dyCpcBTmYVR3NNNfaBanr2suzMEfnt-ZgdNWmPMb3gUIJPx5mct1mqlOmWUST56m9Q1Snh-FLk3duN6MZ9IeL9s_ToTU46DsFyVW68_E2EC64LOqUg2foEdXERd5zzwoWVIJjSw4zbF3lILwtgSvOQ6TscfwBitCADFvxdVB5WexwVRd7VOr-ZZjCSlgxbsNC424MkVRh_P3YFzdQDEtMW7ox4Cyp2_wnlkf3a57_jhPOruM9bhmRbEMslxOOJDo9nCx2fmuGO74K-DlXGglYjztq6z2l2Or_U-_1NerTSTix6gNQEwUpl-guN1fDQEVjp15K8hsR20CjvWEoWbHAhDI5K7vb9BzPMJwFEYmc0Vrnm5uFCpa-7uweZJAYxR5jtutOpXcQ9iah3swWSyxHgaXQmYS63Q1TmQ-LX24qzD1VQs1zsqdxNXlh2EaP5dnAFDv9A1gC8CK6Y2iiupamHJ_TMzqfIpWBeZijT6V77v1yMYRuU0MMBaH4OWEelZ-jAASoKiHeJAR2xM2hsNCNoEo1xXpq4gl362zDE6qS1u3y27Qjzng-PkKfibIYJddPw_Fvr5ePobkJ5_8z7xasEb8Z_-H9kJoP-XVpYUC-YzvAe8-7Ci_puD5C0tOEBu2dnXJ1sjQ0Iv_ZuBmtS6FypStgA8yTe-qTImNYPz54hsgp0r3ehkGqNVaD9GFSfsHDohvBGlom4xbKUuNO_8oepkislUr303VMxJ32Fi3bD_Rw4yasIODyCDsGqnH0w4QwYWlqUmz_xEi_FrPmEt6NHhy2EoJBgFUe8yyvxdPCLo5n1MHTKOx6n_nryIh5bPXt5l23d1t4jDi1OUXJMKR9lk1AcYTcoVw6TlhI6J4oUHpOYjMUSvrUyFmijKHUcG2f9RqFUQtuPOo8Q1H2Umm19KqmanDOiV7ZVfbN2Pi8j4dN-4NPyRfEox-u4JtsNMvbb87SqsYIrpywkesqHLVD736SmGmarABL6DJWoVe8btw0iDa1uQfguJBNJMycQvbnXfyWKigPdwZh6zuaJ7bEz-oEvkGJzQhP520x5UZfDdnohCtNKLS1c8sGqZd-QznxYsvtxiiJG-D6vR-EpXCb7nuLkqOrQ68XEMWT7PcHEv973jMF7NbWK9-GrDu6h89FymMyoUe9KZT8XAIGWs_NBfouq5XrA0lBECMUQDM9cT_zioOEouvE5Ny1MtUgSkECO5JPz79z6Pe8Io0Oox1ksOk6MCPPQlVX4Q1du55P2NegUv0lqhCw56qPRkZ6IizhIQ9ZnkYun2h5PaW5DzbJ-m7hKrBbXnRV7RgRQNIylG_m7WyIRwE1ZFCLoU83w6PszXzawl3IAO7pnRkpgmY1HLqcx20JPsDoS9Ic8TXwK7BJfK2UWUfeFhzHC3niSMcOWnY361hdTQqIJaKqbsmyp57Z-0DnQ8i3VeDnXCq5W2TPYtIR8hZXJePE6ShItPvhFOeSx0XPdmgMGfppEhvvd7XMxq1ZRvxAv5CtAcNgE22WyWRLXaBpwnteaZKlyPOMHfTEH3If43iyWPCLeFNrf7QNFf9NzkXUrwR79-uIoPaE2kijhwTQdX99WioPXDg0Hu5sTqBrcDdrRtA1haIuixKme75-Z9_uVygX0bltMmU1W7jvN1BqFB1FVXge0TYjV7SwwTHje2A03S3qhy39n4q1Y9NZ3HbrJTt9oMaRZrnAYkbbrpCROB_x4hZAronkpSf9T2y013FRsAWklHlqEr2dpJCCo-KaYhhMEErl5jnEU4hGl-j8_KeZRIJdg4CrO3hT5vEo_koOwE3ZUYieYg9lm3Qx433PI_GbKa7Y4eWRyojCW6AOATl53p05tum3FU6afZ8gaBZGlnXCB2oZYmzi8ZcciS8l5ByYVVTdhhpUKlMuGo2dCXIm-lP3BGaAJp4y4AKZmTBWTxKeqKC5YY6_XxD5WBi3YpRRUBUBsdhI6Db2QAx0BB_1Gw4dRvk1VjuNOJ0QZ-iySLJ8v-iMtUUZOglwrI8NAhUx10LBQfn4LUD4r5aBCFB3iI4Cm5ULyCjye026kilr1Sd9fFJ64rR2--mb-XqRFqQsAzox18codRu3uPJDzc_NewpaI-U3_AX8RYLslxenTF2rMWvrLc3wBKsVuaDY2Ab8_dsSU__oZfbkvVs5V8RMOjLHHqRTHAYkFrACJnCqxsFE7eLK2kY&cid=CAQSPADq26N9o2o7EtWgumJYXrLTii79oiOjFeo4FD6PvyEloZL89B4FajsoFN6bpZrXJAVLBsC2N_D99Ca5LhgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fwww.proxysite.com%2F&ds=l&xdt=1&iif=1&cor=15537589476308005000&adk=2935317967&idt=81&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 18:10:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 23 Dec 2022 18:10:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/ Frame E7DA 30 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 15:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11387
x-xss-protection: 0
server: cafe
etag: 8197878782792770439
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 23 Dec 2022 15:38:11 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E7DA 41 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 07:06:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110111
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Dec 2023 07:06:25 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 233D 1 KB
643 B 8ms
7ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 15077
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 09:30:19 GMT
etag: 48472445140208031
expires: Sun, 11 Dec 2022 09:30:19 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E7DA 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5562966734e1347fe436355fe8cccf7247f013173572d616957bf198bf8b3eb8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8F9A 22 KB
8 KB 9ms
9ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 583334
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 19:39:22 GMT
expires: Sun, 03 Dec 2023 19:39:22 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15254121906544013741/ Frame AFCE 1 KB
764 B 33ms
15ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8c0c2420073e99022529c20081329ab40efb135698702b4cb7b88682536b336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 736
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:36 GMT
expires: Sun, 10 Dec 2023 13:41:36 GMT
last-modified: Sun, 23 Oct 2022 18:54:49 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame E7DA 0
0 70ms
54ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuqOdUoea78d5iirjPNstwfppIUhXq3iVWBgNOWYRZa1xOULpMMlfiJZOOKrkmZawEZ9Szz0wKsXzBJl_xVs0BUU2OtVLdG1MF62-96HH828R55A11xHntulknwJWlb6AqWZa3nuUye7ncxtjfXIcR8BG2sDR_35-Sf2EBF3VzyhbR6Iyv77HGMOHW6s4u78UOEkQqpZPVfAluCbwl-cBWhPOG55SAHI0EnjFFkg_Y1yKxFoItWb-gCpnTJXN1LcB76N0aPqpO_GDFoXlVaHDWfA1TJmZq-IhPN1fXlJnVfxH1IWxG9XkCr8kWd_rh6kj8H0CCCd3QAbmrHGQE33LN6qbqLzCr5LRgAE8ovlWFPSb1vTVwZaWTjvqSHbXu0I8wDAnMkYm60eWXU1mMBhbq8O0fe5scjoIqMjDC8XtZwWiP8KHzxKirgP6-NlBPQZ55eDd3aMK-L_THMa9s35Yp9zKckpjES_0CQlKKiDRqRzmJOgn_ogdbQ_k7Fkl9dwfJ1Al_2w3kRD8xyI9shWb7aceqJdf-d4vFHenIrmIRXngq9p3WQWTFZEVM_PjEo-_9q2lan7oY5FnID4zjtfqCWTJDiPrt7xccVdcW9IMUl1HV7sIUJysCfS46_sx28WRf8roa3JGveCzCDUfwa64GMOiFAfWVzgFBGuo20OzkNc9RCUOoN1Bhr_82T0i3QBQUhsucHNZMPve9lPI6tB7ey_uV6vow_OMHmt19X6CdLxtUKU89oLgCtFh-W2I537UyUMv-X0IzLirvRAkv-17kJbAP0cPWIF3M20E4S_9dg9D5DeUfpp4w0s0fWBjQkeM_SFl51mrWXYTN_Wkohxr_owrRnZNZcOvjkC9szqe-T1nTIKj4gIjAo1Pm2TVEyNcJ5A5mB_weSHHKxesNrSO7iwnCzrMvKeCQYVKfE6Tw7JKOLI4SmrqaJhsqEzdNGl-GsmwP0SMyaswy_XyavyBMsu0v_XGzjS5CTnlfIZpByMTThwHqIY9Wc6fFE_6BBWAGX8mgnIrTpSXEVxbjcDb1xn1zOnfQernzquHJTBwxgNVS0V78rKthEXn7in-F96UNK2G00_lePl4CHsKg_eTvmlf7Dr4r9GbxJeO-GBj7Y4dJpoqa28dwyPKq8St1AKGQXu7DDS5_ANAruTSMC18Yog2MJrF8Vf8yUj2KV0ox4nJvH9zRqKTFyIq0jLovsIUXmmW_WBESITRZ0WUpUNtOXPlDUzZgHqE9uqmo&sai=AMfl-YRlypVGBUQZPBXPkGM84BUCnGuyqeXlzW69UqizhFRAwYTy8XfYsGbxv9XCD99Lls5_aiij6O82IA9sz2kiOTxPD6AdnZRBV-qyWDlosaktWbp1vp5YADebur0fwllKXTifuHnenqrwSPMubpwLT7lpgiCoY3y6NRShpPphmd2fM9533xUTp6zPgXGLKcPtlPDjDl0OMNIWCmh8Jz3-gDTGLy5Qgrd0qb-k7esfqBK-DILGJbA5f8SsDf7ZBTdlz_Nv3QFsVjTJqg&sig=Cg0ArKJSzE607mkX6mVBEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=66&cbvp=1&cstd=61&cisv=r20221206.68853&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 10 Dec 2022 13:41:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 10 Dec 2022 13:41:36 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame E7DA 60 B
60 B 145ms
39ms Image
image/gif 213.202.235.9

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lx-mindshare&extProvApi=lx_de&extLi=26845297&extCr=180884667&extPm=321130507&gdpr_consent=&gdpr=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.9 , Germany, ASN (),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Sat, 10 Dec 2022 13:41:36 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Sa, 10 Dez 2022 01:41:36 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 1894
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 233D
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAKbWXeIVsKOQfmy19Os5W0&google_cver=1&google_push=ASkJ3FZL6uEuLlXXulUr7jx7JvS6FEkpNugUw7FhwnlCjtNcruhMlUopR7u8LTTlUEQ4XVM9ozJcW8DSK57cg3oVa2uvKtaqJNRS
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzMxMTQxNDUyNDYxNDg3MjI2OA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAKbWXeIVsKOQfmy19Os5W0&google_cver=1

43 B
398 B

99ms
23ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAKbWXeIVsKOQfmy19Os5W0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=-M&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=k2oU7sPbbQ&p=https%3A//www.proxysite.com&dtd=15
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAKbWXeIVsKOQfmy19Os5W0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 233D 0
173 B 50ms
16ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEOPF2-CbKD4oe9QFo6ZWlY4&google_cver=1&google_push=ASkJ3FaNk_w7d1alJ_6KqrsHKR63pgk4ehmHnwQMHcLo2EGT9WOHCvgJFbS1tHHAxoGbbUocH3fhEVjxhGuZKExd9gMFiGKSgHoWhQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=-M&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=k2oU7sPbbQ&p=https%3A//www.proxysite.com&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 233D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDjJw8cZqZiWxHsr_H9K__U&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDjJw8cZqZiWxHsr_H9K__U&google_hm=Y5SMj0KTbuXQr4l8-u0T_gAACLoAAAIB&google_nid=index&google_push=ASkJ3FZSEMgZDje4eunMezjN5WGFFtDokWjRb...

170 B
188 B

20ms
20ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDjJw8cZqZiWxHsr_H9K__U&google_hm=Y5SMj0KTbuXQr4l8-u0T_gAACLoAAAIB&google_nid=index&google_push=ASkJ3FZSEMgZDje4eunMezjN5WGFFtDokWjRbPLsiblfUOXkOZeOkSTLExKE7gz36CRZd30d_-MZ_MnHvhiOkSAutskTyu2R0qW0

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0bX5vEjiqFw6uVZjMrpaTfxIGFtAHJRQfM2WEA0TWDlyeAuNkrxIUfHwBBfHjUi6%2FZbKw3APELVdFClDWoy0Uz9Q36io%2F3NkitwnvRoZXYlRk7m7MgNeoF5f93BZW5o5XT8yds2Iy1jSSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDjJw8cZqZiWxHsr_H9K__U&google_hm=Y5SMj0KTbuXQr4l8-u0T_gAACLoAAAIB&google_nid=index&google_push=ASkJ3FZSEMgZDje4eunMezjN5WGFFtDokWjRbPLsiblfUOXkOZeOkSTLExKE7gz36CRZd30d_-MZ_MnHvhiOkSAutskTyu2R0qW0
cache-control: no-cache
cf-ray: 777666286efa92b1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 233D
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEBq_K4aPgKdzu8NelUsI43g&google_cver=1&google_push=ASkJ3Fa6We7YYewPLrux87YlbYh4mROcfmp16XVpwCwVIvKPDeHk3Ft-p3nlIeSIKbf5scIk44zi7BhJH2qBWUra1...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEBq_K4aPgKdzu8NelUsI43g&google_cver=1&google_push=ASkJ3Fa6We7YYewPLrux87YlbYh4mROcfmp16XVpwCwVIvKPDeHk3Ft-p3nlIeSIKbf5scIk44zi7BhJH2qBWUra1...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ASkJ3Fa6We7YYewPLrux87YlbYh4mROcfmp16XVpwCwVIvKPDeHk3Ft-p3nlIeSIKbf5scIk44zi7BhJH2qBWUra1fDgDKwEMQR_&google_hm=Fyv1sGZHcr94B_AJS42H40s8

170 B
188 B

22ms
22ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ASkJ3Fa6We7YYewPLrux87YlbYh4mROcfmp16XVpwCwVIvKPDeHk3Ft-p3nlIeSIKbf5scIk44zi7BhJH2qBWUra1fDgDKwEMQR_&google_hm=Fyv1sGZHcr94B_AJS42H40s8

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 10 Dec 2022 13:41:36 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ASkJ3Fa6We7YYewPLrux87YlbYh4mROcfmp16XVpwCwVIvKPDeHk3Ft-p3nlIeSIKbf5scIk44zi7BhJH2qBWUra1fDgDKwEMQR_&google_hm=Fyv1sGZHcr94B_AJS42H40s8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 233D 0
45 B 284ms
25ms Image
text/plain 185.86.139.104
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESECb1VITfFIEExO6JuabW80s&google_cver=1&google_push=ASkJ3FaImwtnzoY3hikmNqrJWTUVJz26uO4Qxksc50KyBySWD0ZFKTEtI7HA2OwpqUkhZ4H4stFyVrtWKQ_WPQMTYt1zjYW3nzStcA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5271052033776811&output=html&h=90&adk=2236586032&adf=2192318161&pi=t.aa~a.1534086353~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1670679695&rafmt=1&to=qs&pwprc=8717720231&format=1200x90&url=https%3A%2F%2Fwww.proxysite.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1670679695800&bpp=1&bdt=1734&idt=-M&shv=r20221206&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbd64e8705b602b23-22e46697ead900f6%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w&gpic=UID%3D00000b907d261ba1%3AT%3D1670679694%3ART%3D1670679694%3AS%3DALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA&prev_fmts=990x280%2C990x280%2C728x90%2C0x0%2C1200x280&nras=3&correlator=3865945769356&frm=20&pv=1&ga_vid=1224739227.1670679695&ga_sid=1670679695&ga_hid=300187776&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1794&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071114%2C44778769%2C31061690&oid=2&psts=AMjMPc2iTI2DiGG8UD9t8iAM-rh-T1uhvsZk9ynm5iwAPOO4n4P_InirQRs8lFuylVUKPRveDKpubxAQesx-7w2Jkg&pvsid=429089354438514&tmod=691619993&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=k2oU7sPbbQ&p=https%3A//www.proxysite.com&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.104 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 233D
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEOOEoWuD4CPOVjo2dKOgUdc&google_cver=1&google_push=ASkJ3FaIIGgatyGvIbJ1CbhkYqlT0S_RlXiQRxRdlAVTJ5XsvKEN0GWAIUYMiCTzmE...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=ASkJ3FaIIGgatyGvIbJ1CbhkYqlT0S_RlXiQRxRdlAVTJ5XsvKEN0GWAIUYMiCTzmE0CNbD9ocHNaADSpkydStE4ia-3UpV1IH5fbg&google_hm=A...

170 B
188 B

19ms
19ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=ASkJ3FaIIGgatyGvIbJ1CbhkYqlT0S_RlXiQRxRdlAVTJ5XsvKEN0GWAIUYMiCTzmE0CNbD9ocHNaADSpkydStE4ia-3UpV1IH5fbg&google_hm=AECzttRZQUyLKrRQYxwoPCw

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:35 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=ASkJ3FaIIGgatyGvIbJ1CbhkYqlT0S_RlXiQRxRdlAVTJ5XsvKEN0GWAIUYMiCTzmE0CNbD9ocHNaADSpkydStE4ia-3UpV1IH5fbg&google_hm=AECzttRZQUyLKrRQYxwoPCw
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 233D
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEPuVK1Yif9abcu8LqShHSIQ&google_cver=1&google_push=ASkJ3FYjUCKgMQIaK...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D&google_gid=CAESEPuVK1Yif9abcu8LqShHSIQ&google_cver=1&google_push=ASkJ3FYjUCKgMQIaKs-Eqfe0z7tCTcIe-9...

170 B
188 B

18ms
18ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D&google_gid=CAESEPuVK1Yif9abcu8LqShHSIQ&google_cver=1&google_push=ASkJ3FYjUCKgMQIaKs-Eqfe0z7tCTcIe-9Yjmpky-hacWArwSfMo86ySNJzZ-kx7tWE9dAEbyL8RZOf8V8F17iZkbczz6RgA1uhQAA

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 10 Dec 2022 13:41:36 GMT
AN-X-Request-Uuid: f6e6197e-bc53-4498-bc76-1d1459cc6aa6
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTc2OTc5MzMzMjI0MTQwNDE5NA%3D%3D&google_gid=CAESEPuVK1Yif9abcu8LqShHSIQ&google_cver=1&google_push=ASkJ3FYjUCKgMQIaKs-Eqfe0z7tCTcIe-9Yjmpky-hacWArwSfMo86ySNJzZ-kx7tWE9dAEbyL8RZOf8V8F17iZkbczz6RgA1uhQAA
Connection: keep-alive
X-Proxy-Origin: 81.95.5.44; 81.95.5.44; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 233D 0
12 B 16ms
15ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LLioXymggLDDxLKqffYNPJ-jmyl2N4S8Iip8G6HTRNMPxRox7TKrP93aCFaRPsaQESxNdjrqs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 8F9A 36 KB
16 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:13:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Dec 2023 20:13:42 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame AFCE 113 KB
38 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Dec 2022 13:41:36 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame AFCE 118 KB
40 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 10:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12646
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Dec 2022 10:10:50 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame E7DA 0
0 52ms
51ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuqOdUoea78d5iirjPNstwfppIUhXq3iVWBgNOWYRZa1xOULpMMlfiJZOOKrkmZawEZ9Szz0wKsXzBJl_xVs0BUU2OtVLdG1MF62-96HH828R55A11xHntulknwJWlb6AqWZa3nuUye7ncxtjfXIcR8BG2sDR_35-Sf2EBF3VzyhbR6Iyv77HGMOHW6s4u78UOEkQqpZPVfAluCbwl-cBWhPOG55SAHI0EnjFFkg_Y1yKxFoItWb-gCpnTJXN1LcB76N0aPqpO_GDFoXlVaHDWfA1TJmZq-IhPN1fXlJnVfxH1IWxG9XkCr8kWd_rh6kj8H0CCCd3QAbmrHGQE33LN6qbqLzCr5LRgAE8ovlWFPSb1vTVwZaWTjvqSHbXu0I8wDAnMkYm60eWXU1mMBhbq8O0fe5scjoIqMjDC8XtZwWiP8KHzxKirgP6-NlBPQZ55eDd3aMK-L_THMa9s35Yp9zKckpjES_0CQlKKiDRqRzmJOgn_ogdbQ_k7Fkl9dwfJ1Al_2w3kRD8xyI9shWb7aceqJdf-d4vFHenIrmIRXngq9p3WQWTFZEVM_PjEo-_9q2lan7oY5FnID4zjtfqCWTJDiPrt7xccVdcW9IMUl1HV7sIUJysCfS46_sx28WRf8roa3JGveCzCDUfwa64GMOiFAfWVzgFBGuo20OzkNc9RCUOoN1Bhr_82T0i3QBQUhsucHNZMPve9lPI6tB7ey_uV6vow_OMHmt19X6CdLxtUKU89oLgCtFh-W2I537UyUMv-X0IzLirvRAkv-17kJbAP0cPWIF3M20E4S_9dg9D5DeUfpp4w0s0fWBjQkeM_SFl51mrWXYTN_Wkohxr_owrRnZNZcOvjkC9szqe-T1nTIKj4gIjAo1Pm2TVEyNcJ5A5mB_weSHHKxesNrSO7iwnCzrMvKeCQYVKfE6Tw7JKOLI4SmrqaJhsqEzdNGl-GsmwP0SMyaswy_XyavyBMsu0v_XGzjS5CTnlfIZpByMTThwHqIY9Wc6fFE_6BBWAGX8mgnIrTpSXEVxbjcDb1xn1zOnfQernzquHJTBwxgNVS0V78rKthEXn7in-F96UNK2G00_lePl4CHsKg_eTvmlf7Dr4r9GbxJeO-GBj7Y4dJpoqa28dwyPKq8St1AKGQXu7DDS5_ANAruTSMC18Yog2MJrF8Vf8yUj2KV0ox4nJvH9zRqKTFyIq0jLovsIUXmmW_WBESITRZ0WUpUNtOXPlDUzZgHqE9uqmo&sai=AMfl-YRlypVGBUQZPBXPkGM84BUCnGuyqeXlzW69UqizhFRAwYTy8XfYsGbxv9XCD99Lls5_aiij6O82IA9sz2kiOTxPD6AdnZRBV-qyWDlosaktWbp1vp5YADebur0fwllKXTifuHnenqrwSPMubpwLT7lpgiCoY3y6NRShpPphmd2fM9533xUTp6zPgXGLKcPtlPDjDl0OMNIWCmh8Jz3-gDTGLy5Qgrd0qb-k7esfqBK-DILGJbA5f8SsDf7ZBTdlz_Nv3QFsVjTJqg&sig=Cg0ArKJSzE607mkX6mVBEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=166&vt=11&dtpt=100&dett=3&cstd=61&cisv=r20221206.68853&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 10 Dec 2022 13:41:36 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4672102/ Frame AFCE 6 KB
2 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4672102/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba203b80f3c768f833e27741e787c2298d841dc59e6c1a20eff2311f6cb632c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:27:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 823
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2357
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 08:55:45 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Dec 2022 13:42:53 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AFCE 7 KB
5 KB 53ms
53ms XHR
application/json 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

39c1354553bc2ef4e66f5b7ca4a0681abb6f59fab8179aaef5f70ca88b7dcc12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5562
x-xss-protection: 0

GET
H2 200 like.php Show response
www.facebook.com/v2.5/plugins/ Frame CE2A 48 KB
18 KB 104ms
85ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21725a2e36a054%26domain%3Dwww.proxysite.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.proxysite.com%252Ffd9584a7d49fac%26relation%3Dparent.parent&container_width=105&href=https%3A%2F%2Fwww.proxysite.com%2F&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&width=80

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=bfaf966fceffbad233836c158e56e903

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f49c01fad5a9463068f4c436a10100d762674f42514ba91b069bc614f550cc31

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Sat, 10 Dec 2022 13:41:36 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v9.0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: JHI9rmRCO/cgrcgfhRwr/Ct59vthp7hTVsorirgC/9HI0fxnET/vppo1jOP+rCA8CgrjmS8Mg8AvBHTep8ftCw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 56ms
56ms XHR
application/json 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221206&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ea860a640684d6f5bef6db52b5182b8bd9fbcc9195ca33cd86ea6e78613628fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11188
x-xss-protection: 0

GET
H3 200 728x90_js.png
s0.2mdn.net/creatives/assets/4672102/ Frame AFCE 65 KB
65 KB 8ms
8ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4672102/728x90_js.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb872872893fbe01bb550a2e22b92fc6524e75071a16579cb43e0223fad5c19a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:29:54 GMT
x-content-type-options: nosniff
age: 702
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66412
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 14:37:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Dec 2022 13:44:54 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AFCE 17 KB
6 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 13:41:36 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F9A 0
20 B 158ms
158ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bq6fukIyUY97nH9mY-gb-6bzgBQAAAAA4AeAEAg&bg=!2tml2Z3NAAYgquz3AKo7ACkAdvg8WhTjst-UziguRlGNbNhq6sKJ9d4GuSp__28hjaSbmSy4jYfE7QIAAABzUgAAAAJoAQcKAHBmF9T647JzZFhNoYjRazb1yoGMMpLijDGC02Z4Ddk9tg1jolF1DmNy_qLflmJl0G7Z8qvrG7iX-PY2D-5U4nuoi26GqbMG2MSNoUwzOusi2BOTz_v8XQnYA2D7BjhMI2CWrZXdTEHFIOb7B0-u4EakmQL1iEk_zrR1HF9Um2akNfEudVMVVtcK2AV4M6Gk2bdowUAB-Hl1Bd-Fi-yYztbHaI_UaH-4F4npqo66gQP1iBxKUsOizWUgLpyMv68QL84g70MCpy5B1PAR7G-eBFtTRfIbQ5gknaWk0gr51MIo7IqeE_M1YBi5_URCrZzUYFQbGPoZd3GoosFZmqrGLD67qVxUrKlei2McuoTVBlBWu8Ruynl_VJfqSKTqn8yaKyv00TsLa0c47-wWYp2vZafefajwVXHVbwWXZmDXUPKkvnMnfPF3eC08xnfsbZ6IqS6Y70uyRk7Ex4gVad8qvRp7aP4h_smcIMefLvMOQ9cEw5RQ-FIQZp-FCL8G90-jn1FD8K90uMHg1SMioTD8k9AS78C5oUpQu7CaJDYEKLzJ452Aq43GD2vCnLVREVO4nIfm5x4TZr-oNB6X8GeEyU0VWNw8LqsN-r246NYGXOcywXxqVCM_qveI-Ge4bgj2jUuxOd0VQ_Q6fzpSm2_dLZbXKrW9UazGhd1DwOUIKuf_lYBNQa6QsFb0JguUWByTVny8a-TUD5VRoGdss5yGUAZIVwsOx6MuzK17bTjrqUZDEsSq9Zk9TjVex5U_S0kQsrTnFuASINMp5nLPeYC_PIwdNEt1mSfK0tjmASVNQD9f2DfPtDboAcmV3JQ6rSlum6mRiH-WsBghttawiFhtOa20-3wfaw_XL-bqwo3G3bRxxj33IlnFJrVzss7MPl6UsboYm1GCnc87ajA9ZK4PlOWsfYmEoOSpCCEJmbhpw2m84Dkofn08LoXxynG5N5rKyRoVdCcbSmrv4Qpj_uCkRiDIQRwsjoqQKhp1E-KSskJnTm8gpqSqH2yrjrEGn46HKpzbts66xPJ0669dOUPiyW19SGSQOrR1cEphsQ-48zmrMKEN-W9z3KbkBVXSU5E5ZTYxf49NR3PXifHkS7Bx5sW5CEdT1Suo5Dvn5dRl5l0b7MMBRHq3yZJ0nBgyqB4gVtng_j7txo1VBA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame AFCE 25 KB
25 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3be09dc0c3a62f0a8397706bf1d6fc53d4dbcadf38863aaf6b87ceb0f1eb3d18

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
DATA 200
OK truncated
/ Frame AFCE 25 KB
25 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32ee695fc5354fb6448cbc5453ec1d15f01c7d5f74539da5f93126188b9fda22

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4669666/ Frame AFCE 4 KB
2 KB 18ms
17ms XHR
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4669666/star_alliance.svg

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3052cb4159c6c3da4cee05fc67f879dfc7c5cf59628a6fd37485cf4c685f60d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:28:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 786
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1840
x-xss-protection: 0
last-modified: Thu, 15 Sep 2022 09:22:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Dec 2022 13:43:30 GMT

GET
H3 200 MadeOfSwitzerland.svg Show response
s0.2mdn.net/creatives/assets/4669666/ Frame AFCE 9 KB
3 KB 18ms
18ms XHR
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4669666/MadeOfSwitzerland.svg

Requested by

Host: www.proxysite.com
URL: https://www.proxysite.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33db53c59f86658a2a1c5a8515a4332b2837162b2ec8c13af379f32f122ea18b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:30:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 659
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2792
x-xss-protection: 0
last-modified: Tue, 04 Oct 2022 10:19:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Dec 2022 13:45:37 GMT

GET
H3 200 de_swiss_rgb.svg
s0.2mdn.net/creatives/assets/4669666/ Frame AFCE 2 KB
877 B 18ms
17ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4669666/de_swiss_rgb.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

354a25f44878b2935ae4bb47c8c285c749b3d439526c270e69a0404d01050399

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 849
x-xss-protection: 0
last-modified: Thu, 15 Sep 2022 15:45:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Dec 2022 13:53:21 GMT

GET
H3 200 Abendstimmung_Offer_728x90.jpg
s0.2mdn.net/creatives/assets/4669663/ Frame AFCE 16 KB
16 KB 18ms
18ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4669663/Abendstimmung_Offer_728x90.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07132486bb895d6953db2e5d71d6e17179d92f58d0c195fb0f934f21cb6efd69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15254121906544013741/index.html?e=69&leftOffset=0&topOffset=0&c=91aXgbBVNB&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:02 GMT
x-content-type-options: nosniff
age: 34
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16513
x-xss-protection: 0
last-modified: Wed, 16 Nov 2022 14:41:44 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 10 Dec 2022 13:56:02 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 13:41:36 GMT

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame AE25 36 KB
16 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:13:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Dec 2023 20:13:42 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7E4D 42 B
64 B 152ms
152ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvrHuifYm-OVV8HC1aoE50eSoMZemJ0Jg9MyNkJcLvVUmoUk9Bvk6N_YgKojqsiTRN2XFWEXvJypxEvCYbIW31_s5yAizWqGCw7xVUIYTSgI1mZ7TGrmbjT1yC0qgZR2INIuXlRQQ&sai=AMfl-YT1IfZMxFyUCVWzSudXrK8p52RaF-P2LV5AzefBPMLqN1yf1tKI5zmHr88gTmtUAaXUjU-gFp6KKv5lCSU&sig=Cg0ArKJSzMZvfmLL3C5MEAE&cid=CAQSGwDq26N9U3HzVZLcV5Twmd7rEfCDiR8aE8Ye2BgBIBM&id=lidar2&mcvt=1002&p=0,0,280,990&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3927345067&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670679694704&rpt=1204&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 08B8 42 B
64 B 153ms
153ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssoIaCQFXde6AY32j6-rGpekoCnTADY-3LwYe7Va8XUBgykmRnHoVtXKQPWsIpf7VunDv4cA_aYkGhABAaXDn-JCQ2qvXoNNHkWnVt5neC4IkH0ki2aK-gdSo8D68eVxUZ30cmrCg&sai=AMfl-YSPX2GWUJ2aWNrTA608luZqxgVMrniSlOchckX-g4TIeSAmpX3bWER4LBzNFzQP8wThbCK0EEM6zvFn6Og&sig=Cg0ArKJSzEkKHbqEsBCwEAE&cid=CAQSGwDq26N9c8CjtSbKO8G_knL4re1CJnuoR33sohgBIBM&id=lidar2&mcvt=1005&p=0,0,280,990&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=523175106&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670679694720&rpt=1177&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame CE2A 299 B
558 B 33ms
32ms Image
image/png 2a03:2880:f028:16:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df21725a2e36a054%26domain%3Dwww.proxysite.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.proxysite.com%252Ffd9584a7d49fac%26relation%3Dparent.parent&container_width=105&href=https%3A%2F%2Fwww.proxysite.com%2F&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false&width=80

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f028:16:face:b00c:0:3 Sofia, Bulgaria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:36 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-rlafr: 0
x-fb-debug: boTJ6+6kXCAAT6zluadzriw/f7WPBoCCpvmy2xhMgPSSpiOhJZ8iBYdetvsUf3FVgHokWpQcmE+bVxTgun5jJg==
x-fb-trip-id: 1460883810
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 08 Dec 2023 03:40:12 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 66FD 13 KB
5 KB 9ms
7ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 82
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:40:14 GMT
expires: Sun, 10 Dec 2023 13:40:14 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0702 783 B
536 B 19ms
18ms Document
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

acbbbb36e2b874c8a7674ad1b07de8c4add17d3c1e8f7d3edf82be7dcc1a8b1d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-EVWfIF-32VgU38Xgih3m4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proxysite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-EVWfIF-32VgU38Xgih3m4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 13:41:36 GMT
expires: Sat, 10 Dec 2022 13:41:36 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 5kP4k-SVu2a.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yQ/l/en_US/ Frame CE2A 524 KB
135 KB 105ms
34ms XHR
application/x-javascript 2a03:2880:f028:16:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yQ/l/en_US/5kP4k-SVu2a.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f028:16:face:b00c:0:3 Sofia, Bulgaria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d5042032c95f97e57f0bc66111c57f1e0674276a75b6f456b46830a34f0acb2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:37 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: Xstm/8zciYqxESDkgcUe8Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137963
x-fb-rlafr: 0
x-fb-debug: JdSpa+CeTaGTSr/freHPMIJA/8lzqtBWdwRJdpb0Ko60VQamFwZoBkLTsp9m9ajRKxRoD4saNsTgRnJHAOJ3ZQ==
x-fb-trip-id: 1460883810
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 09 Dec 2023 22:04:49 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0702 0
0 151ms
150ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221206&jk=429089354438514&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

GET
H3 200 QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js Show response
pagead2.googlesyndication.com/bg/ Frame 66FD 36 KB
16 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QDrzY6hqzGh0aYGUuTA1ex70oaN1LFGaXyg_pTqcRvs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:13:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15878
x-xss-protection: 0
last-modified: Mon, 05 Dec 2022 17:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Dec 2023 20:13:42 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 66FD 0
11 B 7ms
7ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?4OYXBA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 13:41:37 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E5E8 42 B
64 B 153ms
152ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstkPbHs1bVt64kQvTqxb8bqxAezd1eNeonkwidoIlJMA6zdJmUL3Bt6uv5la-17ifTO50EYCfmb5rx1Jc2Z1toDMSNx2MkFS-4Zq-ygUrLrX3zw23R5v92WrhXPciQIl7zmwGpgwA&sai=AMfl-YQG7cqEmvnrDDC7OUjwDCDUVt0_1F4Yl83yu_rmpcz9GMDscqmn_KaKA2zeoMLeLM4OM6qE11dqSFcHlsE&sig=Cg0ArKJSzNb9EcOquANREAE&cid=CAQSGwDq26N9d_7XbuitGnibnJshEVspuOEVKRDrPRgBIBM&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=84,767,1000,1114,1183&tos=84,683,233,114,69&v=20221207&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1670679695926&rpt=187&met=mue&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 158ms
158ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221206&jk=429089354438514&bg=!S0ilSAzNAAYgquz3AKo7ACkAdvg8WgNRpFHXTFZEPr9MnkGFtmWGyl79Y82ySApbaXyJ4bzVN763wQIAAABiUgAAAAJoAQcKAFcLaJQjh1_VWNRWWz4NCuodddid6iDWIxxwCmLMOJxoSdy4TxhRdQLQv-AkkLJAVm6QKGmi3Zyda50NN2zblX4VD5CszVci1PZhW2lIg8Sby40xSoJkzeqZApyb0QfrLfPKYqUvCv5oD2qwd0tyIQQZojFwMLT8MNuLq4R8edorYM_Ef4M3IbFc7W5hv76ohXA4Jc6TAwDdO9GFsOWP0ME4DHwxxNgrAV3TG-dYYHTnEfxXpQDiTcTs_-A_LmVWbc1klqo7jdmQg-_Kg1UFcYfymWIDoYxqvhU4cb2JlXQvN-ZtjH0fiK8RNmk-G5LMH5aB_m7Wg6_WTWxTwCY6sHo1ipUP3m-bhFVJuR78ydO2qeYONXAV1f9oll2K9mOT2TDre1Yz1QVyMWwffRBh_zM5LUvlGydp4ThJnFT2MkbpTnC5j4QGti4Xg91zf87Ctx5x82640l01TNcaH9ofmEfyqrngFq5IkpHx3SCbZiFmpkGEa520lmLnrqMw12UAAKypwKWiM6dNk2bmzr296WrUrBTA7G2epBKfNLhmSkNrnuoyB2Z-e61V1JDqnM-cDLVY-Ok3Yh4nUvlnWSqu--yvXI3dH4sLEyZWUU9uBFauuQ5y-7p7T3iAUHBa4nam44SSH4Nk-PeNQXh3vuV7f8st2JR7rKMtPqv97Hw__0P2psqR7ijTJi0Igs201-RU6SJIcFDkp-0PCK98WrWqEdVJqzJXAU2-K2ODbjdAQ4ZLmRw7JeQ-6dFY6J-rWLbAI3j413-t0yX8QgrifcZXMHZWsKeUvx9YTAuz1_La6UnarUkjI0kK-UeZkpHK9ftD43U6JzVWBXns0ofPb0O18MraiC0OmX2XATQLejs2NLJggzwC9GVknMvVOFiTNosRUSAp8qY37JhWJGEonaedb2atbjkdzwLW3kjLxscEpbM75-4QQPnY66NJ0ot0eiauOefYeVV-bdEvs2-ggnxdp_bzZlXe7MJeZ-KA0TOinweyCer6-KBe9w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proxysite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7DA 0
20 B 152ms
151ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1980374491444&version=m202209210101&ct=76&x=1&cor=15537589476308005000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI3u_g7pbv-wIVWYzeCh3-NA9cEAAYACC7qaBWQhMIprK67pbv-wIVpj3BCh3izwiv;met=1;&timestamp=1670679706776;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame E7DA 42 B
494 B 196ms
155ms Image
image/gif 142.250.186.66

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI3u_g7pbv-wIVWYzeCh3-NA9cEAAYACC7qaBWQhMIprK67pbv-wIVpj3BCh3izwiv;met=1;&timestamp=1670679706776;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 10 Dec 2022 13:41:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
us8.proxysite.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: q8vk6bs0ilgs84a43mfc84mh16
www.proxysite.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: f5knbkhnrdognfrfe02m50o9s4
www.proxysite.com/	1970-01-20 16:50:15	Name: hl Value: en
www.proxysite.com/	1970-01-20 08:14:44	Name: AWSALB Value: xhMnlfFS5aORWlGrOTLGgINg8re62TtMva2b1hGXoi6cQofK4jQwl8+awOvreWc4JAwlJUcAw2MIq/9ySRmRraheBZ6X9qTcgYZi4ldXeSVHQ+slZR0XmbHbcdHH
www.proxysite.com/	1970-01-20 08:14:44	Name: AWSALBCORS Value: xhMnlfFS5aORWlGrOTLGgINg8re62TtMva2b1hGXoi6cQofK4jQwl8+awOvreWc4JAwlJUcAw2MIq/9ySRmRraheBZ6X9qTcgYZi4ldXeSVHQ+slZR0XmbHbcdHH
.proxysite.com/	1970-01-20 17:40:39	Name: _ga Value: GA1.2.1224739227.1670679695
.proxysite.com/	1970-01-20 08:06:06	Name: _gid Value: GA1.2.1730055747.1670679695
.proxysite.com/	1970-01-20 08:04:39	Name: _gat Value: 1
.proxysite.com/	1970-01-20 17:26:15	Name: __gads Value: ID=bd64e8705b602b23-22e46697ead900f6:T=1670679694:RT=1670679694:S=ALNI_MbnWZCiY0bNGhEnc06VVytL1RyM_w
.proxysite.com/	1970-01-20 17:26:15	Name: __gpi Value: UID=00000b907d261ba1:T=1670679694:RT=1670679694:S=ALNI_MZsDQrtyYg2pzWMI3aYfg2aA2fFfA
.doubleclick.net/	1970-01-20 17:26:15	Name: IDE Value: AHWqTUlsxoCo975LKsioNviParuPppnqeN_xDyagKWnagVZrWLiqxPBqDtYIPZVMXkY
.adnxs.com/	1970-01-20 10:14:15	Name: uuid2 Value: 5769793332241404194
.casalemedia.com/	1970-01-20 16:50:15	Name: CMID Value: Y5SMj0KTbuXQr4l8.u0T-gAA
.casalemedia.com/	1970-01-20 10:14:15	Name: CMPS Value: 2234
.casalemedia.com/	1970-01-20 10:14:15	Name: CMPRO Value: 2234
.doubleclick.net/	1970-01-20 08:04:43	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 10:14:15	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C$Uizu:f!]taP8i_iqf!oN/@E'zz<Z0Qms<?3S/SiwsFBo@spBmVd]hidNp4K!4KD!bTD._PlZ[C[-kX-24vaY
.ctnsnet.com/	1970-01-20 16:50:15	Name: gid_CAESEOOEoWuD4CPOVjo2dKOgUdc Value: 1
.ctnsnet.com/	1970-01-20 16:50:15	Name: cid_0040b3b6d459414c8b2ab450631c283c Value: 1
.blismedia.com/	1970-01-20 16:50:19	Name: b Value: 63948C9083C96A590CEF0209BLIS
.lijit.com/	1970-01-20 16:50:15	Name: ljt_reader Value: Fyv1sGZHcr94B_AJS42H40s8
.turn.com/	1970-01-20 12:23:51	Name: uid Value: 7311414524614872268
.casalemedia.com/	1970-01-20 10:14:15	Name: CMTS Value: 1120
m.exactag.com/	1970-01-20 10:14:15	Name: exactag_new_gk Value: 80b3c965fbb4439f9a32fd355febe807%7C08.02.2023%2013%3A41%3A36
m.exactag.com/	1970-01-20 12:23:51	Name: exactag_new_uk Value: 6c993d44b663423099bdeb13666fe787%7C
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 5c32fdfe4be5405f828955e8

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20221206/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271801&client=ca-pub-5271052033776811&fa=1&ifi=8&uci=a!8&btvi=5&xpc=CJgXKXmRGe&p=https%3A//www.proxysite.com Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.turn.com
ade.googlesyndication.com
adservice.google.com
adservice.google.de
ap.lijit.com
cm.g.doubleclick.net
connect.facebook.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
ius.ctnsnet.com
m.exactag.com
pagead2.googlesyndication.com
partner.googleadservices.com
platform.twitter.com
r.turn.com
s0.2mdn.net
secure.adnxs.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static.xx.fbcdn.net
syndication.twitter.com
tpc.googlesyndication.com
tr.blismedia.com
us8.proxysite.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.proxysite.com
104.244.42.8
142.250.184.226
142.250.186.130
142.250.186.66
172.64.154.237
185.80.39.216
185.86.139.104
2001:678:cb4:bbbb::11
213.202.235.9
216.52.2.19
2a00:1450:4001:800::2002
2a00:1450:4001:806::2001
2a00:1450:4001:806::2002
2a00:1450:4001:808::2004
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::2003
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::2002
2a00:1450:4001:812::2002
2a00:1450:4001:827::2006
2a00:1450:4001:829::200a
2a00:1450:4001:831::200e
2a03:2880:f028:16:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
34.96.105.8
35.186.193.173
37.252.171.53
37.252.171.85
52.87.88.72
68.235.61.75
93.184.220.66
000cb4237204c839588365b865b4ceb28c4d78ba054f6e5a4c7a5e25f36e0c9c
008d21a14033718a78a3877537abbef73a7e1796d448823ee6e7ef5162bc2411
036a97f58ae41233cce615d76fb5511d15d9db41201bae08f0099eeb07faec28
07132486bb895d6953db2e5d71d6e17179d92f58d0c195fb0f934f21cb6efd69
0809dce74d140cdb75918db36517dfca9fee927aa704fd47ee48432aee8986b5
0ac9094e17f405afb1a4cb915170e1051a048db8597a64460222f03fab4dcc76
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
17713a1f68a3528710fa08300f6be3bb512863bd3b455b0542c542ac60b39310
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
196beb31539e747bdf66ddcf9d5f7255eeb42c14210786cb0a93ddbce4664d2e
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
236dca679b9983d1fbea0415d584b17d80f1c6942506fc508a5384db924e8795
29aba457c277278516480abb675c844f12e33896e08eafb34e06695ebeeef761
2eb3dfc7180bd8cbdf941ffd0ac161ddb50efbc4b7ce694e2c5185d467bfcf8d
2f1513a46b73f5ada51bafe9acd73abc1489f912de163236e4b6480a8311fb18
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32ee695fc5354fb6448cbc5453ec1d15f01c7d5f74539da5f93126188b9fda22
33db53c59f86658a2a1c5a8515a4332b2837162b2ec8c13af379f32f122ea18b
354a25f44878b2935ae4bb47c8c285c749b3d439526c270e69a0404d01050399
35d4a453929aeb9cb4ca18e20087e72d2b251d050a6a7ec20931c152049d341f
39c1354553bc2ef4e66f5b7ca4a0681abb6f59fab8179aaef5f70ca88b7dcc12
3be09dc0c3a62f0a8397706bf1d6fc53d4dbcadf38863aaf6b87ceb0f1eb3d18
3cee69d07c93d87ecbb03f206ddb86c9d4ba12638a18ed177de725be2eb8333a
403af363a86acc6874698194b930357b1ef4a1a3752c519a5f283fa53a9c46fb
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51a35ebb062650129c3038e329bfe25e4b9bcf3321d72db8f5c5252a941f5c3c
52e0b60d9d90e80f1d001f4bef8926e0e1782c46dcd2a998fb81cb33632e683a
5562966734e1347fe436355fe8cccf7247f013173572d616957bf198bf8b3eb8
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56e169a3aa9b1abf9dfebf24cfdf4f3f50a86305cf3de816532400ddd39197e2
593b20843f5e162d1af8832ecf39e392b04608b556ed05345916996fb9cfe6d4
60738e0c21e145c63411dab779e72942f078ede817a5cdf57466ef0e61ff8d49
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6b23e94a0591e43f749074a39df5a5e700d5bd6c40d1b8016a1a2e44a3176037
71524570c2a41dedff7cad78ef11eb54c3957b23c4f64643fa04cb6a42b46782
724acb468e6daf873120d385f6717f09d84ffb51b33c81cb135597dad94ab4d7
7275f0fb8158cedd2aca99a9bb760d297331473511835855cf2614badbef18ef
759d05b3415341826afd6bb82cdf366e5090aec67c541500f3a6fff49517ec91
75e584797d092d18924a8e96de1d6d39d1ecd46252dea0be31d149b07d3ef4e6
770da7643a54e06b63d0c10b9386c21eebe7fe791bbd43e760a9f763aa95d26f
79af1c7d417111ca1837292eade82e2c883c554186cca89f3596fe9f1c5a2b4c
7a49f15294007bad4031449fd145bfe309092999eebdb428925aa0403215f56d
7ffcb15458cc6d82ade6166ddb0788afe839679e06d01368d615e8f2c0c6a5f1
80646f36094e746583b08d8f8dae1eb995726897032682e381592bc1ff6041fc
82a6d26513f870f1310630d34c6022c40c132836db8f66e39d01e681eebf9e75
86a2a3999c65a6ee0bbee35ac7515f04856e0fcbcebdffd56001c0dc924d887a
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74
904134a3046525c6eba7f72681b86627cc82031b6c88bf4fc529de7f40bc9020
92a8d8908b0c7c5c7a35766201cbbb5ab02b727f0f0c6d4321db1d76f1c4bbc3
938bb7a4fe2818088711d433b38bb086516f778d8614faaf479ac89cf62968ec
9428518d1b1c9e441b6dcf1effddc210ce3ab2d1e0913be29695e907b4c82c43
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
96ea283c1c37c5d7d4177bb32764f2873c8c9ef60923b637091f7afb1eac94ad
981792df4c11fb32fea9720db6c7c82dd96da4247fd29ff170b53903e116eecc
99098c0dc4e1f93553d8690220e5b63d0b386c14fbdce4b864de257be911935b
9a96d66fca93a80f81afa6efbff759408764273a8820529cade3aaf6c8bdfb3c
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a983ec1308781984ea4503dd1c4e1317b2b48dcb17dd1a6e68df68560951784b
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acbbbb36e2b874c8a7674ad1b07de8c4add17d3c1e8f7d3edf82be7dcc1a8b1d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3052cb4159c6c3da4cee05fc67f879dfc7c5cf59628a6fd37485cf4c685f60d
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b4f7db824a1fc83d9952d4b199c647f01c7519b4b0e93f04ea425319378d6272
ba203b80f3c768f833e27741e787c2298d841dc59e6c1a20eff2311f6cb632c8
bb1feac2e4b6b86b88a35923ed328f0b9d492bfb00dbd7d9c320814af4cb3070
bb872872893fbe01bb550a2e22b92fc6524e75071a16579cb43e0223fad5c19a
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c02444f391e8655e79ff8d7d4cb69c3426c3bffbf8731a994fa23aed0f641d12
c4d60e53476012ab254ca2f3f479903a6be9ead3cb39a9ea353c51ec75c618c8
d3f154bd52d039a8d725c3a790c0887142a2963f09b28c6280e4629ca8521e93
d5042032c95f97e57f0bc66111c57f1e0674276a75b6f456b46830a34f0acb2c
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d8c0c2420073e99022529c20081329ab40efb135698702b4cb7b88682536b336
dbf9a2ac02b43ac34f6171f02be1b1fdce0d6a4b2b37e47b54f82f4a7d346714
dc2261fa7fc402f3869461ab510796c6a45c58b4910d7eaaf674bfefd5274e6c
def1424f4f259a4cf927fe1f7ea7ec24bdc2fc78edca55fdb593cc0c293dbec5
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e44458c2c9acea446178d73575b53255ee7ba669c33cb20cfea94b90908f921d
e5ce2319ddf7e5ce5d7da4d3754669b57cbfba96b5ae0656935a414c0f8d3b70
ea860a640684d6f5bef6db52b5182b8bd9fbcc9195ca33cd86ea6e78613628fb
eaee2371582b8c319e9f7b6432b570d1c7cc5bda80a6d7819521c6df355c3f9b
ecb0a51c8bccd33964654ecedc1115640eec2c15b217d843df9ed2c36d358060
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f49c01fad5a9463068f4c436a10100d762674f42514ba91b069bc614f550cc31
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

www.proxysite.com Open in urlscan Pro 52.87.88.72 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

164 Requests

92 %HTTPS

48 %IPv6

23 Domains

34 Subdomains

27 IPs

6 Countries

2018 kBTransfer

5233 kBSize

26 Cookies

7 Outgoing links

Page URL History

Redirected requests

164 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.proxysite.com Open in urlscan Pro
52.87.88.72 Public Scan

Screenshot
Live screenshot

Full Image

164
Requests

92 %
HTTPS

48 %
IPv6

23
Domains

34
Subdomains

27
IPs

6
Countries

2018 kB
Transfer

5233 kB
Size

26
Cookies

164 HTTP transactions
12 data transactions