www.theatreinchicago.com Open in urlscan Pro
74.208.236.154 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.theatreinchicago.com/
Effective URL:
https://www.theatreinchicago.com/
Submission: On January 29 via api (January 29th 2024, 4:14:03 pm UTC) from US — Scanned from DE

Summary HTTP 230 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 45 IPs in 7 countries across 34 domains to perform 230 HTTP transactions. The main IP is 74.208.236.154, located in Philadelphia, United States and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is www.theatreinchicago.com.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G2 on January 15th 2024. Valid for: a year.

This is the only time www.theatreinchicago.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 27	74.208.236.154 74.208.236.154	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
18	2400:52e0:1e0... 2400:52e0:1e00::1080:1	200325 (BUNNYCDN) (BUNNYCDN)
2	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:616c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	99.84.88.88 99.84.88.88	16509 (AMAZON-02) (AMAZON-02)
1 5	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1 2	63.33.146.168 63.33.146.168	16509 (AMAZON-02) (AMAZON-02)
6 15	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
3 7	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
1	173.194.76.156 173.194.76.156	15169 (GOOGLE) (GOOGLE)
1	2600:9000:26d... 2600:9000:26da:800:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2600:1f18:1ac... 2600:1f18:1aca:4281:7fa5:c934:6539:afca	14618 (AMAZON-AES) (AMAZON-AES)
13	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2	35.214.149.91 35.214.149.91	15169 (GOOGLE) (GOOGLE)
3 3	37.157.3.26 37.157.3.26	198622 (ADFORM) (ADFORM)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:1ffd:c1da:c0ec:deee	16509 (AMAZON-02) (AMAZON-02)
4	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
4	88.99.219.174 88.99.219.174	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.220.30 138.201.220.30	24940 (HETZNER-AS) (HETZNER-AS)
2	91.121.248.44 91.121.248.44	16276 (OVH) (OVH)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	49.12.16.151 49.12.16.151	24940 (HETZNER-AS) (HETZNER-AS)
1 2	142.250.74.198 142.250.74.198	15169 (GOOGLE) (GOOGLE)
1	92.123.148.9 92.123.148.9	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	98.98.134.243 98.98.134.243	21859 (ZEN-ECN) (ZEN-ECN)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	34.160.236.64 34.160.236.64	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
230	45

27 74.208.236.154 (Philadelphia, United States) 1 redirects

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: 74-208-236-154.elastic-ssl.ui-r.com

www.theatreinchicago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2400:52e0:1e00::1080:1 (Germany)

ASN200325 (BUNNYCDN, SI)

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:616c (United States)

ASN13335 (CLOUDFLARENET, US)

static.getclicky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
in.getclicky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.88.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-88-88.muc50.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.33.146.168 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-146-168.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 142.250.186.34 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.64.151.101 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.173.215 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.76.156 (United States)

ASN15169 (GOOGLE, US)
PTR: ws-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:26da:800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f18:1aca:4281:7fa5:c934:6539:afca (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.214.149.91 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 91.149.214.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.3.26 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:1ffd:c1da:c0ec:deee (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 88.99.219.174 (Lutzingen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.174.219.99.88.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.220.30 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.30.220.201.138.clients.your-server.de

hal900016.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.121.248.44 (France)

ASN16276 (OVH, FR)
PTR: ip44.ip-91-121-248.eu

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Nuremberg, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 49.12.16.151 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-1.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.148.9 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-148-9.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.243 (United States)

ASN21859 (ZEN-ECN, US)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.236.64 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 64.236.160.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	googlesyndication.com 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 157 pagead2.googlesyndication.com — Cisco Umbrella Rank: 110	601 KB
49	doubleclick.net 8 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 bid.g.doubleclick.net — Cisco Umbrella Rank: 917 ad.doubleclick.net — Cisco Umbrella Rank: 163 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 126874	354 KB
27	theatreinchicago.com 1 redirects www.theatreinchicago.com	617 KB
19	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 5597 api.omappapi.com — Cisco Umbrella Rank: 5857	94 KB
13	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	135 KB
11	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 1004 static.adsafeprotected.com — Cisco Umbrella Rank: 721 dt.adsafeprotected.com — Cisco Umbrella Rank: 719	179 KB
9	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 98	2 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	549 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38309 hal900016.redintelligence.net — Cisco Umbrella Rank: 166678	86 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	5 KB
6	gstatic.com fonts.gstatic.com	88 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	5 KB
3	medialead.de 1 redirects pv.medialead.de — Cisco Umbrella Rank: 41332 medialead.de — Cisco Umbrella Rank: 40963	852 B
3	adform.net 3 redirects c1.adform.net — Cisco Umbrella Rank: 583	2 KB
3	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 570 region1.google-analytics.com — Cisco Umbrella Rank: 2029	18 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	2 KB
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 193090	6 KB
2	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 373	470 B
2	travelaudience.com 2 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5893	910 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 874 s.tribalfusion.com — Cisco Umbrella Rank: 2405	1 KB
2	getclicky.com static.getclicky.com — Cisco Umbrella Rank: 11688 in.getclicky.com — Cisco Umbrella Rank: 10202	6 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145	20 KB
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 1375	204 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 608	363 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 722	187 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 357	149 B
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 16092	705 B
1	futalis.de futalis.de — Cisco Umbrella Rank: 336285	401 B
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 2226	296 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1872	173 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 856	719 B
1	google.de www.google.de — Cisco Umbrella Rank: 6518	455 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	94 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1019	20 KB
230	34

	Domain	Requested by
29	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.theatreinchicago.com tpc.googlesyndication.com googleads.g.doubleclick.net 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
27	www.theatreinchicago.com	1 redirects www.theatreinchicago.com
26	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www.theatreinchicago.com pagead2.googlesyndication.com tpc.googlesyndication.com 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com fw.adsafeprotected.com www.googletagservices.com
22	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.theatreinchicago.com
18	a.omappapi.com	www.theatreinchicago.com a.omappapi.com
15	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
13	s0.2mdn.net	www.theatreinchicago.com s0.2mdn.net
9	www.googletagservices.com	www.theatreinchicago.com securepubads.g.doubleclick.net 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
8	dt.adsafeprotected.com	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
8	www.google.com	1 redirects securepubads.g.doubleclick.net www.theatreinchicago.com tpc.googlesyndication.com 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	fonts.gstatic.com	fonts.googleapis.com
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	googleads.g.doubleclick.net	1 redirects www.theatreinchicago.com pagead2.googlesyndication.com 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
4	hal900016.redintelligence.net	1 redirects 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com hal900016.redintelligence.net
4	hal9000.redintelligence.net	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com hal900016.redintelligence.net
4	ad.doubleclick.net	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com www.theatreinchicago.com 5994599.fls.doubleclick.net
3	c1.adform.net	3 redirects
3	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	fonts.googleapis.com	www.theatreinchicago.com a.omappapi.com hal900016.redintelligence.net
2	5994599.fls.doubleclick.net	1 redirects www.theatreinchicago.com
2	cdn.retailads.net	1 redirects futalis.de
2	pv.medialead.de	hal900016.redintelligence.net 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
2	x.bidswitch.net	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
2	ads.travelaudience.com	2 redirects
2	fw.adsafeprotected.com	1 redirects www.theatreinchicago.com
2	ssl.google-analytics.com	www.theatreinchicago.com
2	www.googleadservices.com	www.theatreinchicago.com www.googleadservices.com
1	adservice.google.com	5994599.fls.doubleclick.net
1	odr.mookie1.com	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
1	dis.criteo.com	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
1	pixel-sync.sitescout.com	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
1	match.adsrvr.org	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
1	medialead.de	1 redirects
1	www.awin1.com	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
1	futalis.de	hal900016.redintelligence.net
1	ag.innovid.com	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
1	tr.blismedia.com	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	s.tribalfusion.com	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	static.adsafeprotected.com	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
1	bid.g.doubleclick.net	40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
1	in.getclicky.com	static.getclicky.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google.de	www.theatreinchicago.com
1	api.omappapi.com	a.omappapi.com
1	static.getclicky.com	www.theatreinchicago.com
1	www.googletagmanager.com	www.theatreinchicago.com
1	maxcdn.bootstrapcdn.com	www.theatreinchicago.com
230	50

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
twitter.com
app.monstercampaigns.com
www.theatreinla.com
www.theatreindc.com
www.theatreinnewyork.com
www.theatreinboston.com

Subject Issuer	Validity	Valid
*.theatreinchicago.com Encryption Everywhere DV TLS CA - G2	`2024-01-15` - `2025-01-27`	a year	crt.sh
bootstrapcdn.com GTS CA 1P5	`2024-01-28` - `2024-04-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
a.omappapi.com R3	`2024-01-01` - `2024-03-31`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.getclicky.com E1	`2023-12-03` - `2024-03-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
api.opmnstr.com Amazon RSA 2048 M03	`2023-12-11` - `2025-01-07`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-12-02` - `2024-03-01`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.innovid.com RapidSSL TLS RSA CA G1	`2023-03-15` - `2024-04-14`	a year	crt.sh
redintelligence.net R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
pv.medialead.de R3	`2023-12-04` - `2024-03-03`	3 months	crt.sh
*.futalis.de R3	`2023-12-12` - `2024-03-11`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-10` - `2025-01-10`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.sitescout.com GeoTrust TLS RSA CA G1	`2024-01-15` - `2025-02-01`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-27` - `2024-03-29`	a year	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G2	`2023-05-18` - `2024-05-17`	a year	crt.sh

This page contains 25 frames:

Primary Page: https://www.theatreinchicago.com/
Frame ID: 25A106B4AFE9A7572494DFB53779E28C
Requests: 75 HTTP requests in this frame

Frame: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 05EE5FF73BB9AD45481FDE9FCF0460B2
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst7FupeUQIhxs-C6C-6YrdVm1CzqbtYO6Xk2vH-RkSSR65KTo7nEQXUI18fyxv2DfCmloT7_4X9UitTbj9WEEmh3kymxXavj8gk0cWJg8Avuovhoa8GgsqqjrKemTuIVGqwygEieLmjjenZWHThUyqelbgWhECQGTSmdYfVPJ_fJnMDHmUFhUBrNuDPytTx_xsG6V3LV7bCiHmi9QHN4YKyJaBF1TdIc7g2iH1FJSngKbmSGRvdlFXP6NrKamhasY1OMKzboI-4tOFuOHdeB-eF10TP-fCdUrGI-Lajk138FgpLdwt59VxCagttsTrqJxaUzxJvEk-3wHwA-qByvmVZXmPSwiA6wnAKMtDFGK7JKAH-CS8RuA&sai=AMfl-YSyrPgJXaNClkW0PgTo-ZLa8XZk9J71vHhCN9zm02Ei_Uq4DPeoXv4GmmANBxoV7cz44HLczeuHrUGPWMQslbcjiP77b3K_RCOarrnL5I7Abw3BGreXBwswDqt2Wt4&sig=Cg0ArKJSzLYZrwf4EIMaEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 2EB20D53974D8C9CD32299CEB3D16EC4
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss_IyU0dUUBhgMgvvUsF-dmo3pl2-AxLq_GFGLXOZCAK6m4lmrMKtU_z6I4nK0s27nzXLRTZSy4H_PsIpeElR8x3MipJxsEamMF75KofVHH93003vVWm4qvAfUcZe01vcjPQbM93v3Z7P7dwqrW1qIOOriqlKJiqSqVJkoBEoZSJmZLua81MsGR_Qb5dkXeFW-s8bsgpLYVfvyja-kLJB5A5ySoEjjvgxu_AUj7kNSVajCi-gCPIWHdXQAkNKguXL6Gmj5LrOABNXZzfGDgEOrAv4JWNlt00gEvf-4kLQuFRj8KrJaIBhTixMDU6BnpA83ZPDWEI3ZAUF3Goe4npqixBMRYmag6-QP7d2cRdiiCRw36&sai=AMfl-YRqNEqDuGTWxUIrs96aTFZUudsllGMt99M53pJw-j_htLGlTlh7sD2KDZxRsxTkWhYLqMaMtVqAWvTdBgn6ao2adOJ24Rdz9jW3AODiwzJ7zrNthANqKFTS0LCH17Y&sig=Cg0ArKJSzC73VIJsTBHbEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 9C8D826DE79D83BA1BA18AA666E8D1D0
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvuT5Ji346vjmevq2b48mSWK2dh5Y1IvKkN42qiLaLIUHgoox7_7X1bG1RZAxBSvlQmUpEFjJWpUjiN9V3Enzja_T0W4g8ZJKJO8d0yw9HqiPuvfxFOfUv945kmyETvTU3NaGnHHEU6XDyOa69kATZTUMkiKFP8m-tQ2N4FuaU-SRfFPjh39WVKjr18nfAuqQG98DXcJY6AgknWEIAnQzTB96Rul3NsbOQDcN0xijRPI8lFVovDJggm6wkcJKkhHvxRes7FBKLHsqytpvq-UZrwR2CbQiaTTKflYX5boKXQJTbXguQXr4JI5v6My9vfnORRredY7_R1zVz1I1M3bIqqk7lsVsgpY8nUdma9SvZ_GTEJGDNE&sai=AMfl-YQ6YQH2eDXNzM4zZl3BH_mcmJrn0DYpr3vuAXhCTm5dh6sCd5fAapyP1nw-R3JXro8Ys7aZHpWqSteyxNymoHJ1R0yPQYxq8dvh8vN0dleKvX046KSf4dieDXwC_g&sig=Cg0ArKJSzKW5MKjd1LkFEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 90189610FDB8DAAA88A00F04720BCBB4
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstG8TLCVvGq8HdG1TfYjA4E3IhjkWoIFvmZx1uZKRuP4arE4hORD_YBHq2kNNnkFQo40rtAMjAO7G6lp4liRw9I_PvK9Y9Qcvsq390vMaKee483zGLJUEZryiZU5sD-nlzCnjX8OoYODVbhjWvTzkTYkLHU03uojV9hzn8GZqy_-7v_8aIIzzh4tsDd_Z9WXciq5vsvmQkbFYlhCeSaKQA204JRlwa1aPGrCJGCCCBPrumUwo3l1td0i3ilOmJ4c-je9K3ugtyk26EQ5jA4GsBRsPGTX97I7JHHhCtzT7zVKi6zgzv2VYRYc8yy2Idd5YWJr1roIzbdLLHwuluPBtMBhfFcksVFt6OO8IeQijN-ncjU&sai=AMfl-YRlOD-ZQsNCSqQGvItW16BLMUnRgFbiWmBOSZvjCU5k5TzEbzKZ9CZHsTWMwnLxLG5ebEjekMMr38xGqVtxFwep2-vMwY2kGwvhlwzmGZ2JenNFYcRs6oDThQZH6y8&sig=Cg0ArKJSzPDs7mTdKA-UEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 2945470498F7CAD72562375C9219F199
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvGXNkSgwzqz02B-WduNYriaf6hGjHvy4isEe4iNl_47pwaK2Or-TQNGTyFoNhbji7wf2SVTVNbLojvT-CbNlHzUYuWCT-QgaZC16CNEXXOOB36l0jmFo6uJ8xtqneaqwA57gdIBjFs5r-TZJWhI7VDYO7AMMT6Uvqk668sRdt2kMh2CZrhcXOTFL_S7MYO3GBlVNuXClj3JjFEOsCPh1iggr9BCRy6Nttt_FCiy3cIpJSMrVDsMXNJnDCJQfIBdA3Lwj4k2sqVU4_qY73VvnvpmM5QP3nmB1dUZeSSIUyk-2MAhSPKlCDRHtaKCOVHmomCdb54Gz416ny9GsImxk8Prn_Titun7k_N3qyn4t4QTDCktsz_QhCv6Q_p1Q&sai=AMfl-YT8WvjenYx2rCteEG1A-AQEuQtPixVusFKryR6WhhlZg-1a7ki20VYXohp-vGxbCvIEQ7xK3IP3zVJgDp-USSG1gwvO-SNZDeLymZzvpjnhN6o0iVzRnbQkaDOw5zw&sig=Cg0ArKJSzFqqMjZjWlrAEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 916C075993FE922B81FA65E555A2967D
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu00V5p9U6Yv5zEbcBJFMU8JJOl9y4FX2JiR9HbP3ohmffuvtvRd9AWYr14iwhgEGLYPuVHnZVnt7w5xtw6MdpVoEmQdMzOqvi23wgglE6btDNfsCidhrTblvUPmIgt5LJX_eeUwOSHI6x9aEMTOZBz3qoIG5tU1LO_QpcwAt57fRhH7fJrSqd3Xld7Z1hGraBfXlz2vkUlLTD8SckbqJyct36T5ss6jUcU_bXj5bJ2ilz4Lt1TlenJwJQKGgg_AFVxynO_ivGrZl4zJTPR1nJ3ceHyHDK9vkKNkVtfl3a9VVPYIM0B781Fa4kJOKPIEWkhcYHEGDJgh8ByOxf1wNqz52wBGbNdY_zwj5gnOl2leZp2Q6fQtZFM383C&sai=AMfl-YR4BOyMFTxp6JLuyBLcP02v940XjHvM2HPfGl8Qi1zRoCoJfF3On_dnjw_f8tEZ67UjuaAfXVhTD6xIFAo7GUjV7lKHNvxSB0p64zN0QzlC3ybUxGDc0Cd48t2z_w&sig=Cg0ArKJSzAB1pgYqlzNKEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: C0C06AA74D73DE258358481339C053CD
Requests: 8 HTTP requests in this frame

Frame: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: CE3A40DE9FA1720DD157BD41F6BF7292
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJik9wIQqafRlQIYzfvKgQIwAQ&v=APEucNVsyh_HA5ATw46z_1cQW90C9eRXx4dxeI4IuDHT70Br9lJrgzGeDVv_7ICQ9-__NAysLH-iU1wt77vzPl262sd1Zuct47k22HAy-_rFOpMk4iDh-UzfdZsse4PBFeg-EAdyaFNXdlkt_XM1PdGQc8_9yJNzlEFDmbdhJbB_rSfkA_Vle5M
Frame ID: 6D526062A6FFDA7DD0E5CA818D21A01E
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: B0120DCBCC956F349017AFD3ACF68082
Requests: 28 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 67531EF62ABD09A39156804EA969FD64
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2233053BA4986E1F7B47A0F797CDD0A6
Requests: 2 HTTP requests in this frame

Frame: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7A740D8AB03DC52EDB2711398ED9062A
Requests: 18 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 8BCF9938DD4537894FF2C215C78D4ED3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUv7r7ZtdQzckg6oz5DM3qZzPBNjboE4Td6JPGZIvs6PCmjnSle5_4cc8L_p29H0S5uyIfe1Pjbu_YbJP3i-barwx47TiJix6-Q9sBTCfc8z3snJUmXyATA9Faawviz7TdgcnLxY5N_6J_z89Cx1ejRs0518ptjlyjVuTQAkftB8nAbqqM
Frame ID: 7B3998755AB7587803EE9B528647E631
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: FA1D32060129E7DF36C4F7AD23D37B74
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EDB4F7D3A4CE745D5493531EEDA94F41
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: A4C6251D4C415FB98AE943C1150E997E
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
Frame ID: 5F45ABA4236C6E6AA277A576216B2C82
Requests: 12 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=86967400146308304444556012584016&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 489420D3B0E947BC7F01FADDA3C62305
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3496459219
Frame ID: 061A71849EE427621B9F4B1C51FA28EB
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNK_tvf-goQDFdLp9gIdLawMEA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7538777579399.405
Frame ID: 10A1DC81443A7B42F860F19201023DDD
Requests: 3 HTTP requests in this frame

Frame: https://hal900016.redintelligence.net/request_content.php?s=86967400146308304444556012584016&a=68e80ed9
Frame ID: A2BA7EE8740DB7F87ADBEAC8BAD93059
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 21C261DB8FEA674CFEAD6A468483D26D
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Theatre In Chicago - Your Source For Plays In Chicago - Chicago Plays

Page URL History Show full URLs

http://www.theatreinchicago.com/ HTTP 301
https://www.theatreinchicago.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Clicky (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.getclicky\.com

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

230
Requests

92 %
HTTPS

48 %
IPv6

34
Domains

50
Subdomains

45
IPs

7
Countries

2869 kB
Transfer

6096 kB
Size

37
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.youtube.com/channel/UC3qGsmVHg7YpAgV7Ak0e1IQ/videos

Search URL Search Domain Scan URL

URL: https://twitter.com/theatrechicago

Search URL Search Domain Scan URL

URL: https://app.monstercampaigns.com/c/rqlqwrbtjrjs5y0fahhh/
Title: Sign Up For Our Newsletter

Search URL Search Domain Scan URL

URL: https://www.theatreinla.com/
Title: Theatre In LA

Search URL Search Domain Scan URL

URL: https://www.theatreindc.com/
Title: Theatre In DC

Search URL Search Domain Scan URL

URL: https://www.theatreinnewyork.com/
Title: Theatre In New York

Search URL Search Domain Scan URL

URL: https://www.theatreinboston.com/
Title: Theatre In Boston

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.theatreinchicago.com/ HTTP 301
https://www.theatreinchicago.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068461150/?random=541178508&cv=9&fst=1706544836734&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&hn=www.googleadservices.com&fmt=3&ct_cookie_present=false&ocp_id=xM63ZZfWLvrMxdwPiMaV8As&sscte=1&crd=&pscrd=IhMIl8in9v6ChAMVemaRBR0IYwW- HTTP 302
https://www.google.com/pagead/1p-user-list/1068461150/?random=541178508&cv=9&fst=1706544000000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&fmt=3&ct_cookie_present=false&crd=&is_vtc=1&cid=CAQSGwAvHhf_AjT4tkdg48NrztQUFSE9OaW2Nx7K4Q&random=1580853104&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/1068461150/?random=541178508&cv=9&fst=1706544000000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&fmt=3&ct_cookie_present=false&crd=&is_vtc=1&cid=CAQSGwAvHhf_AjT4tkdg48NrztQUFSE9OaW2Nx7K4Q&random=1580853104&resp=GooglemKTybQhCsO&ipr=y

Request Chain 126

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJtPc4ACGIfPlU2pD-zCmds&google_cver=1

Request Chain 127

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZbfOxt3vq-fRbIvAfE1iPAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJtPc4ACGIfPlU2pD-zCmds&google_cver=1

Request Chain 128

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG6ObYroQjKIUid3ifkvXyg&google_cver=1

Request Chain 129

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MDgwMjU1NzgxNDIzMTY0MA%3D%3D

Request Chain 140

https://fw.adsafeprotected.com/rfw/bgd/1893484/77291975/xbbe/creative/adj?p=APEucNWTiEdmNpiJx5fclKXwlFBb3gXpsrwRHH5uog8aSms2zJdh4Wo&d=CpkBAKAmf-CMRm6V5b5q4tPY824nAg4-CmIJFWubiAc6YtLeBWwcUY12sK2kr9Bpa6L3dZLuKPOPaxD3AvwvzOQW6DJZ_hZLd3X7kjK8jZb280AKVlmOggLrwIf-8OfntwzyLYA_ytvOXBGyEMOzgHBdWW0kdaaM9AqSoW5X1WoPLOqZCU_eg-EOUlr8StWuUrK41d5HbdDngTF-EukVAKAmf-C3JaexH3GNLLH-sVRnyak64G_QgSo6Xyhf1eMY2Eq1fnOwOD1PoXuQUfervWKc-BqZn_ctQEcKOALtcKamIcDsUXKpSyvw9Hmtcw9SnDwX076K_0xkU2UQ43RPaFnJcc7GeQhjOalUizlydS6JLXmaMtGI8hl_jnPQsBMUSMwySAUoZL15uKrOkhFU60mv_MzCx8LMDHLAYquFpjYkTLuOTLbQfqVFQSfT9ZTWbgSbNjdEbClgWM1rZfCOJJHff99C7ssikT3vYeMBuFLoONC8-XahV00vUNZSSQCDCTGNmBpi-Uvnv1FCpBXjZfeyTIDLkgylvh1Ksd62KDAMYBS4pE8IdAj9UkeSovSn6mMpmDd236__0N9SNV3IU0OFMQUr9fPeLXIdOeyMTjHuPfqQYhp2BhgidiMlhMDc7hUHGt92NDsuxfXG2MF596DsDysKHhNk5-bPLehu7EzHd97p9neGLJg_rwBFzdkDzkmc1BGO--UERBCi7CiKkU4cEOIwR0_oQ81iRDS2F91vrqIQrEUKVcly4Q_SoAc4uGXLkDQxmN5niOT4c3v0jEbjB7zmNsN3ppzfGS77qo1w3V5uHMUHHpM7emp70hqpHH-0cwHSib9R4dr5IDEMQ5UtPBmZunGBRP5MRsHk2R6QcyEWSHE6-Ftc-JQM6ts6gR4yiWhsW1wQMd29prA_zXAfb5lWXG3rL6yGhL87RYcHZJkkWNKcqAPx4xUMCGYf28VBU8bTZubc7PnYe1sddcXz65goG6np6qwyQiSMfyFY6E9pH5xTR1d_BRme8iWOm5XpZzQzorZXKq7wXAvdbDz1xjhHH83ld6FSqTCbnr7iH2ZBOTV6vz2u-pef6Sf9zMZy6e40xaLssDyZWk5vnT0QAJLyb04gL4Pv4pqXxOoqEkQ2ep5PC7R2yuIWHvYYfacN26jnCQFEtSJ387vW2FhR7TfVNTN7enG6axzm9VCYQh2fxx7z2OTcy4d8TRVlDVSOnFlFny7nj334zX9Jxw2vtH34zYOost45P87sgyFxXSOwYp7bQuX8vfCbydEn8vTrF6XfApQ0Q8T4rNbzuvLn_540s01yBhjtX4oA5RUh4ryhgKCetUyrNYWTrm_DY3JJQonnkfDb9jGHiecWs_-P2kWYg_N99_IzX21Zfx-Nl8-7Mzk5l6ftQ-9sHtqhrkIw5BUh3GRwBhOxDchW2pJlJWLrMJAjltZIZS6T65jSPkM1ZQoE5TTWtmk-MaKhxTQFaSbAlbNsJ8E9T_0VmkxY04XUJ1kYpJT-XRT8wwogo1-26Yn4sQ8QHIhc8mR2MERVpiCi84ZXGYmMxB9mlrCw8eq80TqmJa4GqbObHOvOuweaIH6hf5JFGBx_ycJUuZMBVy5rOO0IVHmth12-Rj_BKqdBtPnjFY5-bIhFZFNY0wp8-jeUOgvkKno-YcolHkpKXkv0dn6vDemDgK690nremUheeLWKwvaBs3y40j6U1zBtygc7eXxvCelre4BP2X542gvE4C9wpRxCtiYdQmW2vZ1WQxBRdRfKG4bNabaHrfJf3CWC4or8FafeG7Z_f5NPjxe3cNqvwfJgxRAtTKj7mnznEftyyFQr8OGY3aScyhSkyCB-gMpPD49cMF2i5gCo-Z3SHXXI__f09rFLKFR3S1YpqbacMtD4i08InAUb7ua3WFdQQJMaxfMjZsOistMUl6jUOcNJXEHBSONOMBcSA40XfoUmASGgdm1jBsDamLBkcMAtJENZ42KLbri8AXMQjVJhVYnB8LHkKylv42_zKPCUACcKycEwjJv12TYlN5eDZLxjcfw4o4ndUnQBWZReBh5V3g_63VM3i5VcA0siIulQwaC-GQTVMlnJ6ZgN9w-OvHmtbojfovdN9NOxeGzUdw5XAU_bEaywyI9l1wcNNwZ56ZkTHYYOdjw99BwzLslQLDEI8Io7mUIBg4Bi04FaCok7GD5t8y2OAWt65B2QR--8NTuECp9F34gjkNRznIR4321NVWBCMs4Vj6EmaINQ2A_KjuM8aREBVkkd8Fe40xmTJQNvost176eRdMC4P-25vpi0aqNeBBOpgN4pGxCLXk4BNb-EOaB8nYIIWnFZFKerpUgUYKFvqyFXQavIBlJfAH3j6UO3wAIDh1F7EVQjt8zZHaa7HzJrepBFGHDPk2TOMTJjWmQyvV5-SsFci7A0w01MkEGm-ch1XLz4vDhC4RIK35zZe0Uz1FXux3mqJvjbhhICinQrHVQv7MUO3nIkhznNPzYzLu1AbSPxo8A8zaof5U2i8N3GFvRctljc4Q9lmpX5M9hs6nPQh0J5RjLtACenNdkVTIjXKcNPPP8SlCY_Zu55hbsycmgwIW6sEKxxjQTRtA7TGokB8uq-kzi9SEsb5zVPB4qNZ51o60Ru9rUZ8BmoUpm0iBLcGf6ifEoSXzY0csPKLKoDQnfUsbuANKHDMos2dax0-iVpHLRIaj-GLqtSkTuddhFH4VuHBFr0iFPEi8C7WgIGrDX3Tvqx3SBw6yGWH2cku1fqDAc0DIstAiUPqMHMhtqZ-dWOJqfW-Bij5sh1nknacoKUoZN2IzKTXavOIXf9YNh6pfHhwLdcbqAv97BM3l6M9qdCYZDDeWlw72q1PsMFTbXv-aZo8LTIvXb6aEYrQaBHv32ibikgSc2B8PgOgBeAgHzAFuXeQRxgswpEzA3kWFonbUXZJ9Ag-htjWRkRMceDYGabdiSS2xxa0a67cjTAJfVs79x3DY7IpEobyyoxTe36nnmKPHHS9-2x0ahLsbcqmzvYLxjxRpD3Sw0lthZ-VG1fECSeCbSmqf_z3TOaijr12_Jgkzqk3-8uZw-RvjTKDUzWtgpO4BSJWXYoJmGXkWKhxKaEHPAHFkIE7wN0yx9HryElI73gWKMdN39TJxcZHJ3Jb_01ZSuxi1Y-3iAfh7XD8j4Sg1doyDoq74Iu7E2JX--3oHXEf4Cnz1LnhvKifmph-ffdFWnUjq0eZ0UJY82u-ngt0nUmvRqSQ2PtXGAptSRGz_Jz_8XFyu5b0ELFwiw4FOSS7LqjDtVlfYiBbuSEvdFVRoAc7wGjtFTN8WFyTB7i2XmPs7OV02Rb4ZwanwoKqjkKbitNFY1QpcWQhmcv4nqlo27BQxk0BLWfP05CvWj1mAj6OSSwRBOCJBdy_uGKrw431SFdOyXflvbUrrhrGjcBmcagLzcijwmOpHtm2Q8Q2QzuedBARYDFGvHDLdU4M0FW8uIkQOsuj9xEBEW-xhKdHtY3i7lQ0HaKqFM83ed6BAoziwZ51CMF_L3MBnncoESjtauE3dv4uMtI4-Uw-yH6a8JXKpdTHvjMKVCNOuxlan3JVk2GWmoT7QNHNt0YzDT-3cpzhyaQM20Q-yw-et2qUYy5Q2pK4PTfII9xsY2N1ZrTvcchoq24xsmxoyFZZQWxTTqdRPvD_7MHz83_hfA9ydxLSJOWWGCZAk_uST21ZlIl8fk5nGQxVOqnxKwpvf9kgHKWIcyJfWdBySI1273LOHxiomzJ7yWhVbgqF95udtSGsp51d8lOhNE1422nVSgBGJ2K-aSh_rJXONYaugO3jealn_tpd6ckMj3izwMT7cOwqjBSvWmTFVwS7xFstkvmN3T_WIm1H6PTybNyIxEe6ZkxQ0S3cq7jLmcfWry4UwxRkmNqbUGZVH9cP57ZSF-Jatbp782mOEqkN5qzF5EbcnH_GkIIBBI8AC8eF_-JFrL4eTki9e0AmjINPVkm7F-8mYhx_wFsy1D6aE65QwSMEUHto8EZs4p4e9bCxZqYa3ho3KHXGAFgAQ&cry=1&bundleId=&bidurl=https://www.theatreinchicago.com/&adsafe_url=https%3A%2F%2Fwww.theatreinchicago.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.theatreinchicago.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2F40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bed&adsafe_jsinfo=,id:cc6f83e7-81f9-60ab-10ee-a086f61ffb9c,c:2HV1sN,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-74b57f8799-x2wmf,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:dfhui1,mtim:4,mot:0,app:0,maw:0,fm:u2LKe8G+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191*.1893484-77291975%7C1911%7C1a%7C1b%7C1c,idMap:191*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:20,oid:6838c3b1-bec1-11ee-8767-7629295f58e5,v:19.8.476,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWTiEdmNpiJx5fclKXwlFBb3gXpsrwRHH5uog8aSms2zJdh4Wo&d=CpkBAKAmf-CMRm6V5b5q4tPY824nAg4-CmIJFWubiAc6YtLeBWwcUY12sK2kr9Bpa6L3dZLuKPOPaxD3AvwvzOQW6DJZ_hZLd3X7kjK8jZb280AKVlmOggLrwIf-8OfntwzyLYA_ytvOXBGyEMOzgHBdWW0kdaaM9AqSoW5X1WoPLOqZCU_eg-EOUlr8StWuUrK41d5HbdDngTF-EukVAKAmf-C3JaexH3GNLLH-sVRnyak64G_QgSo6Xyhf1eMY2Eq1fnOwOD1PoXuQUfervWKc-BqZn_ctQEcKOALtcKamIcDsUXKpSyvw9Hmtcw9SnDwX076K_0xkU2UQ43RPaFnJcc7GeQhjOalUizlydS6JLXmaMtGI8hl_jnPQsBMUSMwySAUoZL15uKrOkhFU60mv_MzCx8LMDHLAYquFpjYkTLuOTLbQfqVFQSfT9ZTWbgSbNjdEbClgWM1rZfCOJJHff99C7ssikT3vYeMBuFLoONC8-XahV00vUNZSSQCDCTGNmBpi-Uvnv1FCpBXjZfeyTIDLkgylvh1Ksd62KDAMYBS4pE8IdAj9UkeSovSn6mMpmDd236__0N9SNV3IU0OFMQUr9fPeLXIdOeyMTjHuPfqQYhp2BhgidiMlhMDc7hUHGt92NDsuxfXG2MF596DsDysKHhNk5-bPLehu7EzHd97p9neGLJg_rwBFzdkDzkmc1BGO--UERBCi7CiKkU4cEOIwR0_oQ81iRDS2F91vrqIQrEUKVcly4Q_SoAc4uGXLkDQxmN5niOT4c3v0jEbjB7zmNsN3ppzfGS77qo1w3V5uHMUHHpM7emp70hqpHH-0cwHSib9R4dr5IDEMQ5UtPBmZunGBRP5MRsHk2R6QcyEWSHE6-Ftc-JQM6ts6gR4yiWhsW1wQMd29prA_zXAfb5lWXG3rL6yGhL87RYcHZJkkWNKcqAPx4xUMCGYf28VBU8bTZubc7PnYe1sddcXz65goG6np6qwyQiSMfyFY6E9pH5xTR1d_BRme8iWOm5XpZzQzorZXKq7wXAvdbDz1xjhHH83ld6FSqTCbnr7iH2ZBOTV6vz2u-pef6Sf9zMZy6e40xaLssDyZWk5vnT0QAJLyb04gL4Pv4pqXxOoqEkQ2ep5PC7R2yuIWHvYYfacN26jnCQFEtSJ387vW2FhR7TfVNTN7enG6axzm9VCYQh2fxx7z2OTcy4d8TRVlDVSOnFlFny7nj334zX9Jxw2vtH34zYOost45P87sgyFxXSOwYp7bQuX8vfCbydEn8vTrF6XfApQ0Q8T4rNbzuvLn_540s01yBhjtX4oA5RUh4ryhgKCetUyrNYWTrm_DY3JJQonnkfDb9jGHiecWs_-P2kWYg_N99_IzX21Zfx-Nl8-7Mzk5l6ftQ-9sHtqhrkIw5BUh3GRwBhOxDchW2pJlJWLrMJAjltZIZS6T65jSPkM1ZQoE5TTWtmk-MaKhxTQFaSbAlbNsJ8E9T_0VmkxY04XUJ1kYpJT-XRT8wwogo1-26Yn4sQ8QHIhc8mR2MERVpiCi84ZXGYmMxB9mlrCw8eq80TqmJa4GqbObHOvOuweaIH6hf5JFGBx_ycJUuZMBVy5rOO0IVHmth12-Rj_BKqdBtPnjFY5-bIhFZFNY0wp8-jeUOgvkKno-YcolHkpKXkv0dn6vDemDgK690nremUheeLWKwvaBs3y40j6U1zBtygc7eXxvCelre4BP2X542gvE4C9wpRxCtiYdQmW2vZ1WQxBRdRfKG4bNabaHrfJf3CWC4or8FafeG7Z_f5NPjxe3cNqvwfJgxRAtTKj7mnznEftyyFQr8OGY3aScyhSkyCB-gMpPD49cMF2i5gCo-Z3SHXXI__f09rFLKFR3S1YpqbacMtD4i08InAUb7ua3WFdQQJMaxfMjZsOistMUl6jUOcNJXEHBSONOMBcSA40XfoUmASGgdm1jBsDamLBkcMAtJENZ42KLbri8AXMQjVJhVYnB8LHkKylv42_zKPCUACcKycEwjJv12TYlN5eDZLxjcfw4o4ndUnQBWZReBh5V3g_63VM3i5VcA0siIulQwaC-GQTVMlnJ6ZgN9w-OvHmtbojfovdN9NOxeGzUdw5XAU_bEaywyI9l1wcNNwZ56ZkTHYYOdjw99BwzLslQLDEI8Io7mUIBg4Bi04FaCok7GD5t8y2OAWt65B2QR--8NTuECp9F34gjkNRznIR4321NVWBCMs4Vj6EmaINQ2A_KjuM8aREBVkkd8Fe40xmTJQNvost176eRdMC4P-25vpi0aqNeBBOpgN4pGxCLXk4BNb-EOaB8nYIIWnFZFKerpUgUYKFvqyFXQavIBlJfAH3j6UO3wAIDh1F7EVQjt8zZHaa7HzJrepBFGHDPk2TOMTJjWmQyvV5-SsFci7A0w01MkEGm-ch1XLz4vDhC4RIK35zZe0Uz1FXux3mqJvjbhhICinQrHVQv7MUO3nIkhznNPzYzLu1AbSPxo8A8zaof5U2i8N3GFvRctljc4Q9lmpX5M9hs6nPQh0J5RjLtACenNdkVTIjXKcNPPP8SlCY_Zu55hbsycmgwIW6sEKxxjQTRtA7TGokB8uq-kzi9SEsb5zVPB4qNZ51o60Ru9rUZ8BmoUpm0iBLcGf6ifEoSXzY0csPKLKoDQnfUsbuANKHDMos2dax0-iVpHLRIaj-GLqtSkTuddhFH4VuHBFr0iFPEi8C7WgIGrDX3Tvqx3SBw6yGWH2cku1fqDAc0DIstAiUPqMHMhtqZ-dWOJqfW-Bij5sh1nknacoKUoZN2IzKTXavOIXf9YNh6pfHhwLdcbqAv97BM3l6M9qdCYZDDeWlw72q1PsMFTbXv-aZo8LTIvXb6aEYrQaBHv32ibikgSc2B8PgOgBeAgHzAFuXeQRxgswpEzA3kWFonbUXZJ9Ag-htjWRkRMceDYGabdiSS2xxa0a67cjTAJfVs79x3DY7IpEobyyoxTe36nnmKPHHS9-2x0ahLsbcqmzvYLxjxRpD3Sw0lthZ-VG1fECSeCbSmqf_z3TOaijr12_Jgkzqk3-8uZw-RvjTKDUzWtgpO4BSJWXYoJmGXkWKhxKaEHPAHFkIE7wN0yx9HryElI73gWKMdN39TJxcZHJ3Jb_01ZSuxi1Y-3iAfh7XD8j4Sg1doyDoq74Iu7E2JX--3oHXEf4Cnz1LnhvKifmph-ffdFWnUjq0eZ0UJY82u-ngt0nUmvRqSQ2PtXGAptSRGz_Jz_8XFyu5b0ELFwiw4FOSS7LqjDtVlfYiBbuSEvdFVRoAc7wGjtFTN8WFyTB7i2XmPs7OV02Rb4ZwanwoKqjkKbitNFY1QpcWQhmcv4nqlo27BQxk0BLWfP05CvWj1mAj6OSSwRBOCJBdy_uGKrw431SFdOyXflvbUrrhrGjcBmcagLzcijwmOpHtm2Q8Q2QzuedBARYDFGvHDLdU4M0FW8uIkQOsuj9xEBEW-xhKdHtY3i7lQ0HaKqFM83ed6BAoziwZ51CMF_L3MBnncoESjtauE3dv4uMtI4-Uw-yH6a8JXKpdTHvjMKVCNOuxlan3JVk2GWmoT7QNHNt0YzDT-3cpzhyaQM20Q-yw-et2qUYy5Q2pK4PTfII9xsY2N1ZrTvcchoq24xsmxoyFZZQWxTTqdRPvD_7MHz83_hfA9ydxLSJOWWGCZAk_uST21ZlIl8fk5nGQxVOqnxKwpvf9kgHKWIcyJfWdBySI1273LOHxiomzJ7yWhVbgqF95udtSGsp51d8lOhNE1422nVSgBGJ2K-aSh_rJXONYaugO3jealn_tpd6ckMj3izwMT7cOwqjBSvWmTFVwS7xFstkvmN3T_WIm1H6PTybNyIxEe6ZkxQ0S3cq7jLmcfWry4UwxRkmNqbUGZVH9cP57ZSF-Jatbp782mOEqkN5qzF5EbcnH_GkIIBBI8AC8eF_-JFrL4eTki9e0AmjINPVkm7F-8mYhx_wFsy1D6aE65QwSMEUHto8EZs4p4e9bCxZqYa3ho3KHXGAFgAQ&cry=1

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKcY36_A2_ESgwHnQLBQRB0&google_cver=1

Request Chain 157

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZbfOxt3vq-fRbIvAfE1iPAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKcY36_A2_ESgwHnQLBQRB0&google_cver=1

Request Chain 158

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELSe5MGUe8EWKEkFLAA2JlI&google_cver=1

Request Chain 159

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MDgwMjU1NzgxNDIzMTY0MA%3D%3D

Request Chain 168

https://a.tribalfusion.com/i.match?p=b6&u=CAESEBPkVlMzEJMyaFCJ2g0eDT8&google_cver=1&google_push=AXcoOmRA4Eb9HxdqaivoNdAFevYIdBe6cRFA5FmyxOG1wMr7F6hyLcTvH2nFMo1SybZecZVrLMn95t4PhWVqSwR_tXJVTUtXvTYxCPM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRA4Eb9HxdqaivoNdAFevYIdBe6cRFA5FmyxOG1wMr7F6hyLcTvH2nFMo1SybZecZVrLMn95t4PhWVqSwR_tXJVTUtXvTYxCPM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBPkVlMzEJMyaFCJ2g0eDT8&google_cver=1&google_push=AXcoOmRA4Eb9HxdqaivoNdAFevYIdBe6cRFA5FmyxOG1wMr7F6hyLcTvH2nFMo1SybZecZVrLMn95t4PhWVqSwR_tXJVTUtXvTYxCPM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRA4Eb9HxdqaivoNdAFevYIdBe6cRFA5FmyxOG1wMr7F6hyLcTvH2nFMo1SybZecZVrLMn95t4PhWVqSwR_tXJVTUtXvTYxCPM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 169

https://um.simpli.fi/gp_match?google_gid=CAESELetYMWMxHK3fWfeoDi_eiU&google_cver=1&google_push=AXcoOmTc8ztvnIfE7ROS-uTt0qjdqwI7S8EOFnHwzsD6I7pKKZ-SmTrMhPJPDyH5dAQcUPb7IR-bZw9TukbpL0TRE_vdEm6DGyzWvtg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3B7AEDD6975341DC8CC6B353B7CD421B&google_push=AXcoOmTc8ztvnIfE7ROS-uTt0qjdqwI7S8EOFnHwzsD6I7pKKZ-SmTrMhPJPDyH5dAQcUPb7IR-bZw9TukbpL0TRE_vdEm6DGyzWvtg

Request Chain 171

https://ads.travelaudience.com/google_pixel?google_gid=CAESEIR60OKYow6gAzWtnwvJv_E&google_cver=1&google_push=AXcoOmQTQY8oLSJ10hAjczO-Ay2ZDgRkAtU0FeTCJkh42QrflwxVkjo49zlp-BS6-bJU-_qJgkmXQnqQ74pCxIQ-IpOTsZoEF4J2-ec HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-SAFCjm1Sj4RJbLUV8LlNg&google_push=AXcoOmQTQY8oLSJ10hAjczO-Ay2ZDgRkAtU0FeTCJkh42QrflwxVkjo49zlp-BS6-bJU-_qJgkmXQnqQ74pCxIQ-IpOTsZoEF4J2-ec

Request Chain 173

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEKZfIgUxkJtUe1WuTlsxH8&google_cver=1&google_push=AXcoOmS4G-xcD5k1YFp-O63noPE-LRpWeWFZQ2kZ6g4_1uExtjmHvlxeiNW-qqs7md7A2j6ha2i7fxLFlnUNm70p93mR5k2KOYz_93I HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEEKZfIgUxkJtUe1WuTlsxH8&google_cver=1&google_push=AXcoOmS4G-xcD5k1YFp-O63noPE-LRpWeWFZQ2kZ6g4_1uExtjmHvlxeiNW-qqs7md7A2j6ha2i7fxLFlnUNm70p93mR5k2KOYz_93I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQxMjYyOTkyMTU1NDE3Mjg3OA&google_push=AXcoOmS4G-xcD5k1YFp-O63noPE-LRpWeWFZQ2kZ6g4_1uExtjmHvlxeiNW-qqs7md7A2j6ha2i7fxLFlnUNm70p93mR5k2KOYz_93I

Request Chain 180

https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=ca67bc7a41&subid=&uid=6fa1b547405a51d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCCCGYxc63ZaeHN97Cx_AP-96ZyAOm5b2gaZ2cnKfJD_AuEAEgsIypBmCV4pCCoAfIAQmpAiyU_HG8KLI-qAMByAObBKoE_gFP0Plk2Qs0nKeLNcfuhQu1CCRF7p3JLNVcTFYjlslFO65zH4Wt75-Uk1f4UytWhNVchP-_O3r9AhCsTzYPHOBcqBV_d2yTqgtukJ1IDUtjhPAyeLcWRk1atCpPgIdNDG2OuqSkyDEFDzwG8JzmObMG8a28gGSlHX2Ypp05BX4VCruBSBz9bEgMD8SEETRagiUYNEVRVEqpVFqt4KKJaUYR3yfS-8fPYod10z5_-C3SLTYf1mtieGZNXDaXHlhAM51e0dJ9MP4zging4fsenXaKkeOaeVUwTTCKSoMR5Au0xvIpxMWDm3ePURCYSN2bPmaB_1GRccvNyBaqriajV8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOliW3NH2_oKEA4AKAZgLAcgLAYAMAaoNAkRF4g0TCOjI0vb-goQDFV7hEQgde28GObATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPAAvHhf_kd2E9nyUpDAo6UVNAX0iSHysGEAby9LGxs5p26a1B3L2KpBaV38YW-0JeAZCDnDt5oJCldQSQhgB%26sig%3DAOD64_0zoeb4n9dEeK0dVZjteZDoNFkVoQ%26client%3Dca-pub-4875329658179347%26dbm_c%3DAKAmf-AeJFEQP0w2jpL8oNrjKEnYwvunndiQ_BmcfCWSprw-kZsCiiJ2rrzxRVfmz-WKbcXegOnkuuSTpcUfOPsaz32bOXUqhvksPZO7mYNta3rUYgolTx0aP-F1x1Cw5W2WNNHq-vPYNPtyMgiWK2A7z7ZbvcrXXpa0hnSZDvls-UJbUeyjlx8%26cry%3D1%26dbm_d%3DAKAmf-BP3XPel0omQHrn90DdM1IN_yqJmIEU7uYGbcyUjMZOf8FSDCovu1sDMGQ0E0ITVHu2t96gv8tpJAOpNMsCkXZIIVtkaomoc3yWGniUyaNbAihALQnfTm58_dt_W8ldFYZqFDQXd4ThUIrhNjwfFMDa2L7UThMMT5bVnT8C2wRoPCfrEAGuJNqX8hTbFlSzKGTJLxI1jFlmJa-Z9zKjUnnKKFArM9x1mWSerCgvi7B96CGrBQdHjalu64bJSiTr-CkyswXUdrzN2oTS2j9tkzSC-Fw8pSq1BCGlYp1lTGt-ceHuUp4CR_F7s_KsQ67q7wxgLMxAGsLtPqjZeBNkc9ROBX4vBKQMDJfvfnl7Sh87EPBiNMULVDeynffVZvpCO7kjzUf6M_dKW5jmi7BLnE7OWJt4PkEV6afwj0WPUrSrcD4vztDffFqlIRFxMUb6YHqkUhRl4jjndz3TDHupq6e9u2vDcgyMdZDi8mtCo_Shn4X_0eS59HtERrQuq4Xhj7uTMcATOgzf8PSih5f1G-vTXbGpVNrgv0zkRGscUlAkeL363MnMDBcHmUEhdwvZng_cFD9r%26adurl%3D&documentReferer=https%3A%2F%2Fwww.theatreinchicago.com%2F&ancestorOrigins=https%3A%2F%2Fwww.theatreinchicago.com&random=2823890324127&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=ca67bc7a41&subid=&uid=6fa1b547405a51d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCCCGYxc63ZaeHN97Cx_AP-96ZyAOm5b2gaZ2cnKfJD_AuEAEgsIypBmCV4pCCoAfIAQmpAiyU_HG8KLI-qAMByAObBKoE_gFP0Plk2Qs0nKeLNcfuhQu1CCRF7p3JLNVcTFYjlslFO65zH4Wt75-Uk1f4UytWhNVchP-_O3r9AhCsTzYPHOBcqBV_d2yTqgtukJ1IDUtjhPAyeLcWRk1atCpPgIdNDG2OuqSkyDEFDzwG8JzmObMG8a28gGSlHX2Ypp05BX4VCruBSBz9bEgMD8SEETRagiUYNEVRVEqpVFqt4KKJaUYR3yfS-8fPYod10z5_-C3SLTYf1mtieGZNXDaXHlhAM51e0dJ9MP4zging4fsenXaKkeOaeVUwTTCKSoMR5Au0xvIpxMWDm3ePURCYSN2bPmaB_1GRccvNyBaqriajV8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOliW3NH2_oKEA4AKAZgLAcgLAYAMAaoNAkRF4g0TCOjI0vb-goQDFV7hEQgde28GObATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPAAvHhf_kd2E9nyUpDAo6UVNAX0iSHysGEAby9LGxs5p26a1B3L2KpBaV38YW-0JeAZCDnDt5oJCldQSQhgB%26sig%3DAOD64_0zoeb4n9dEeK0dVZjteZDoNFkVoQ%26client%3Dca-pub-4875329658179347%26dbm_c%3DAKAmf-AeJFEQP0w2jpL8oNrjKEnYwvunndiQ_BmcfCWSprw-kZsCiiJ2rrzxRVfmz-WKbcXegOnkuuSTpcUfOPsaz32bOXUqhvksPZO7mYNta3rUYgolTx0aP-F1x1Cw5W2WNNHq-vPYNPtyMgiWK2A7z7ZbvcrXXpa0hnSZDvls-UJbUeyjlx8%26cry%3D1%26dbm_d%3DAKAmf-BP3XPel0omQHrn90DdM1IN_yqJmIEU7uYGbcyUjMZOf8FSDCovu1sDMGQ0E0ITVHu2t96gv8tpJAOpNMsCkXZIIVtkaomoc3yWGniUyaNbAihALQnfTm58_dt_W8ldFYZqFDQXd4ThUIrhNjwfFMDa2L7UThMMT5bVnT8C2wRoPCfrEAGuJNqX8hTbFlSzKGTJLxI1jFlmJa-Z9zKjUnnKKFArM9x1mWSerCgvi7B96CGrBQdHjalu64bJSiTr-CkyswXUdrzN2oTS2j9tkzSC-Fw8pSq1BCGlYp1lTGt-ceHuUp4CR_F7s_KsQ67q7wxgLMxAGsLtPqjZeBNkc9ROBX4vBKQMDJfvfnl7Sh87EPBiNMULVDeynffVZvpCO7kjzUf6M_dKW5jmi7BLnE7OWJt4PkEV6afwj0WPUrSrcD4vztDffFqlIRFxMUb6YHqkUhRl4jjndz3TDHupq6e9u2vDcgyMdZDi8mtCo_Shn4X_0eS59HtERrQuq4Xhj7uTMcATOgzf8PSih5f1G-vTXbGpVNrgv0zkRGscUlAkeL363MnMDBcHmUEhdwvZng_cFD9r%26adurl%3D&documentReferer=https%3A%2F%2Fwww.theatreinchicago.com%2F&ancestorOrigins=https%3A%2F%2Fwww.theatreinchicago.com&random=2823890324127&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 190

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=86967400146308304444556012584016&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3496459219

Request Chain 191

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7538777579399.405 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNK_tvf-goQDFdLp9gIdLawMEA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7538777579399.405

Request Chain 194

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=86967400146308304444556012584016&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=86967400146308304444556012584016&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 203

https://ads.travelaudience.com/google_pixel?google_gid=CAESEFcARgSOE0_dag73GKIiGWE&google_cver=1&google_push=AXcoOmTPeaQg97EcKywOGVM7B8XutByWz8WIRKrDJsa0YnEKrwwi7uznbWWu3rSAvsh90PJDKKoDL9mqm9FBgfQpeX6Rkj7wym0cd2U HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-SAFCjm1Sj4RJbLUV8LlNg&google_push=AXcoOmTPeaQg97EcKywOGVM7B8XutByWz8WIRKrDJsa0YnEKrwwi7uznbWWu3rSAvsh90PJDKKoDL9mqm9FBgfQpeX6Rkj7wym0cd2U

Request Chain 205

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFkxoI8bqtwRJx6aownOfDA&google_cver=1&google_push=AXcoOmR8TGs-47XPG2YOhJfad7aytSvhnmKdfCr2sAzRVA59Jr7kcG3yf7ok8U2kDwm8ZxLx8WnOHmQHLRE6TRmrGUBivKgPDWVZXcO0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQxMjYyOTkyMTU1NDE3Mjg3OA&google_push=AXcoOmR8TGs-47XPG2YOhJfad7aytSvhnmKdfCr2sAzRVA59Jr7kcG3yf7ok8U2kDwm8ZxLx8WnOHmQHLRE6TRmrGUBivKgPDWVZXcO0

230 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.theatreinchicago.com/
Redirect Chain

http://www.theatreinchicago.com/
https://www.theatreinchicago.com/

57 KB
12 KB

505ms
259ms

Document
text/html

74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache / PHP/5.5.38
Resource Hash: 9b9aca82552ad6ef81f135a8ed5ecf675ca6a968f1a4ad225826c573314b3da7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html
date: Mon, 29 Jan 2024 16:13:55 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
x-powered-by: PHP/5.5.38

Redirect headers

Connection: keep-alive
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 29 Jan 2024 16:13:55 GMT
Keep-Alive: timeout=15
Location: https://www.theatreinchicago.com/
Server: Apache

GET
H2 200 ui.all.css
www.theatreinchicago.com/includes/leftsearch/theme/ 47 B
242 B 141ms
140ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.all.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: bd9343e493cd44c5213f0af31541550cfeaf0590f1f1998c0f1876c7746b4e43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:55 GMT
last-modified: Wed, 27 Oct 2010 13:11:00 GMT
server: Apache
etag: "2f-49398f4e80100"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 47
expires: Wed, 28 Feb 2024 16:13:55 GMT

GET
H2 200 jquery-1.3.1.js Show response
www.theatreinchicago.com/includes/leftsearch/ 52 KB
52 KB 349ms
348ms Script
text/javascript 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/jquery-1.3.1.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 63968bd2eb3010c82017befe42790225802cbf035d3168af76357ae85708bbfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:55 GMT
last-modified: Tue, 24 May 2011 21:03:10 GMT
server: Apache
accept-ranges: bytes
etag: "cf7e-4a40bea56df80"
content-length: 53118
content-type: text/javascript

GET
H2 200 jquery-ui-personalized-1.6rc6.js Show response
www.theatreinchicago.com/includes/leftsearch/ 164 KB
165 KB 153ms
152ms Script
text/javascript 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/jquery-ui-personalized-1.6rc6.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: c8401d267b771261f21a9d00951d93ccee54bbc2d910433f86b7c5b975060b4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:55 GMT
last-modified: Tue, 24 May 2011 21:02:07 GMT
server: Apache
accept-ranges: bytes
etag: "29121-4a40be69591c0"
content-length: 168225
content-type: text/javascript

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 118 KB
20 KB 57ms
25ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 1078
age: 5129620
cdn-cachedat: 10/31/2023 18:59:36
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"ec3bb52a00e176a7181d454dffaea219"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: a99131ed71793c235969f4741b45dd0f
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 84d2c3e7c9ae381a-FRA
cdn-requestpullsuccess: True

GET
H2 200 style.css
www.theatreinchicago.com/styles/ 54 KB
54 KB 141ms
140ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/styles/style.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 9ead719662d12d46e58484bd0b7a00cc267edf5a0df7c4d4e67978f29d1d33e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:55 GMT
last-modified: Tue, 07 Nov 2023 02:52:58 GMT
server: Apache
etag: "d78d-609871179cedf"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 55181
expires: Wed, 28 Feb 2024 16:13:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 288 KB
94 KB 180ms
69ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5VT249Q4NT

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d96fd18ffd4954fee8c14ee325cea257df4176460c2c748ba6b7bf52b6ebda9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96135
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 29 Jan 2024 16:13:56 GMT

GET
H2 200 add-src-cookie-script.js Show response
www.theatreinchicago.com/includes/ 712 B
861 B 142ms
141ms Script
text/javascript 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/add-src-cookie-script.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 20acf5d6867ff28c18e9ec81b2e3bd8e703b73e2024fc96768c0ce2a5ac6780e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:55 GMT
last-modified: Wed, 26 May 2021 12:06:35 GMT
server: Apache
accept-ranges: bytes
etag: "2c8-5c33a795b7f1a"
content-length: 712
content-type: text/javascript

GET
H2 200 add-src-ne-cookie-script.js Show response
www.theatreinchicago.com/includes/ 712 B
861 B 349ms
349ms Script
text/javascript 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/add-src-ne-cookie-script.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 0eeb8b2025374b7e01734372458ddddedd9a97e0b9f9184ed5f2fd9d50d56f2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:55 GMT
last-modified: Tue, 01 Jun 2021 18:10:40 GMT
server: Apache
accept-ranges: bytes
etag: "2c8-5c3b842781cee"
content-length: 712
content-type: text/javascript

GET
H2 200 tic_logo.gif
www.theatreinchicago.com/images/main/ 5 KB
5 KB 152ms
152ms Image
image/gif 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/main/tic_logo.gif
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 3a0a0663352bcb92d46f373306fd1605e5ddd78fbca826a3a70611f3d490d917

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:55 GMT
last-modified: Mon, 24 Oct 2005 20:02:32 GMT
server: Apache
etag: "1263-403e580e92600"
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 4707
expires: Wed, 28 Feb 2024 16:13:55 GMT

GET
H2 200 flood-shattered-globe-theatre-chicago.jpg
www.theatreinchicago.com/images/playFS/ 80 KB
80 KB 152ms
152ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/playFS/flood-shattered-globe-theatre-chicago.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 56b44659d9583275a2d1145b4a3d0beef693aa6b707d092b20950b364a2558f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:55 GMT
last-modified: Thu, 25 Jan 2024 13:55:51 GMT
server: Apache
etag: "14085-60fc5899ca723"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 82053
expires: Wed, 28 Feb 2024 16:13:55 GMT

GET
H2 200 arrow.png
www.theatreinchicago.com/styles/ 643 B
841 B 478ms
478ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/styles/arrow.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 85506787e85b4201c6cb65348b2f2584372d994197d872a63dfe28d434b2c870

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Wed, 26 May 2021 12:06:46 GMT
server: Apache
etag: "283-5c33a7a0dc73c"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 643
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 wait-wait-dont-tell-me-live-in-chicago.jpg
www.theatreinchicago.com/images/articles/ 41 KB
42 KB 136ms
136ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/articles/wait-wait-dont-tell-me-live-in-chicago.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 6d5b0ff42e478355ee412261759985200234ff5accc6afff2981d633071a2c2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Fri, 26 Jan 2024 14:25:10 GMT
server: Apache
etag: "a506-60fda104ac07b"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 42246
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 harry-potter-and-the-cursed-child-in-chicago.jpg
www.theatreinchicago.com/images/articles/ 55 KB
56 KB 139ms
139ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/articles/harry-potter-and-the-cursed-child-in-chicago.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: b83c2064543f24bdecc2d922bac6aec2cee41621332afe1d285bcea0d1a1733b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Wed, 13 Dec 2023 03:47:54 GMT
server: Apache
etag: "dd48-60c5c083b498a"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 56648
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 churchhill-broadway-playhouse-chicago.jpg
www.theatreinchicago.com/images/play/ 21 KB
21 KB 149ms
148ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/play/churchhill-broadway-playhouse-chicago.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 380f4d536d9bcc0a608b57bac77ce34c22b524df3ddb6810b52455b8b63ce3f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Sat, 27 Jan 2024 01:11:44 GMT
server: Apache
etag: "523e-60fe3188b1962"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 21054
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 beauty-and-the-beast-chicago-cadillac-palace-theatre.jpg
www.theatreinchicago.com/images/play/ 36 KB
36 KB 152ms
151ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/play/beauty-and-the-beast-chicago-cadillac-palace-theatre.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 7d5adf9978eb605d5ddfad21b29de133f842a9480ecda9aecb1a9c28e64ae1f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Fri, 26 Jan 2024 00:41:21 GMT
server: Apache
etag: "9024-60fce8e149a09"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 36900
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 roche-schulfer-from-goodman-theatre.jpg
www.theatreinchicago.com/images/articles/ 49 KB
49 KB 147ms
146ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/articles/roche-schulfer-from-goodman-theatre.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: e7fe7990f8d41650ab806c09401dd6adc64c207b7047ee050dffff9f507f2f24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Thu, 25 Jan 2024 03:02:53 GMT
server: Apache
etag: "c3f7-60fbc6a5fe59f"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 50167
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 logo-footer.png
www.theatreinchicago.com/ 9 KB
10 KB 147ms
146ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/logo-footer.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 3408d5e5a86185a87d27c4cfdf941c94f6474efca8a232089eca3debb9266b0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Wed, 26 May 2021 12:06:53 GMT
server: Apache
etag: "259b-5c33a7a76b252"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9627
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 youtube-theatreinchicago.png
www.theatreinchicago.com/images/main/ 1 KB
1 KB 148ms
147ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/main/youtube-theatreinchicago.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: c08b857e67f202ceb9d0fd96b256d6fd597229cc67c3596dc8d860d444032342

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Mon, 22 Nov 2021 18:27:41 GMT
server: Apache
etag: "46c-5d164c7c1174a"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1132
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 twitter-theatreinchicago.png
www.theatreinchicago.com/images/main/ 1 KB
1 KB 147ms
146ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/main/twitter-theatreinchicago.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: d6d46477991976d7a536bf82b4d2da4c385072f52a028ea9b1b8cad35a5a6d03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Mon, 22 Nov 2021 18:27:59 GMT
server: Apache
etag: "506-5d164c8ceade3"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1286
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 51 KB
18 KB 68ms
8ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 8424b8a3d195c1501a24371ab141becbb9c81ae93f7a86df80d63585683f47a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-588
cdn-cachedat: 01/29/2024 15:31:58
cdn-pullzone: 293267
last-modified: Tue, 23 Jan 2024 18:36:58 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65b0074a-cb9e"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 49d91d0582fef6286aa7f374ec9a98f0
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 50 KB
19 KB 163ms
71ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

d499f67a7b601efb85a41524f9e839e98a2cd6baf20aa50e91bc917eb3838842

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18775
x-xss-protection: 0
server: cafe
etag: 3525337830665361842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:56 GMT

GET
H2 200 custom.js Show response
www.theatreinchicago.com/js/ 5 KB
6 KB 130ms
130ms Script
text/javascript 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/js/custom.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 9baf8b2a2dec1dc0da57e3e933f38a0c9d5955442447d0614fe295bf5a806feb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Sun, 19 Nov 2023 13:44:27 GMT
server: Apache
accept-ranges: bytes
etag: "15d4-60a8191709fb0"
content-length: 5588
content-type: text/javascript

GET
H2 200 ui.base.css
www.theatreinchicago.com/includes/leftsearch/theme/ 260 B
457 B 487ms
486ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.base.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.all.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: a5593ee287dd4b1700d5da17311630731775218b9e980946477e185881b820dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:55 GMT
last-modified: Wed, 27 Oct 2010 13:11:00 GMT
server: Apache
etag: "104-49398f4e80100"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 260
expires: Wed, 28 Feb 2024 16:13:55 GMT

GET
H2 200 ui.theme.css
www.theatreinchicago.com/includes/leftsearch/theme/ 17 KB
17 KB 494ms
493ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.theme.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.all.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 35f76a9b54a670b0bf14d5b99e194e6fbbc0f0e49d3c0f68d3e3d05843c5a07c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:55 GMT
last-modified: Wed, 27 Oct 2010 13:11:00 GMT
server: Apache
etag: "421c-49398f4e80100"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 16924
expires: Wed, 28 Feb 2024 16:13:55 GMT

GET
H2 200 ui.core.css
www.theatreinchicago.com/includes/leftsearch/theme/ 1 KB
2 KB 127ms
127ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.core.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.base.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 2ea24df9a3e1eb05c5927721b875ac55379cb6f3ed2f89561ddd1002fa99ef2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Wed, 27 Oct 2010 13:11:00 GMT
server: Apache
etag: "548-49398f4e80100"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1352
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 ui.datepicker.css
www.theatreinchicago.com/includes/leftsearch/theme/ 4 KB
4 KB 128ms
128ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.datepicker.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.base.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 19179e033857b424a0fa75ddd2552a90ce462c5163991dcd7df07bde205fafef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Wed, 27 Oct 2010 13:11:00 GMT
server: Apache
etag: "ff2-49398f4e80100"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 4082
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
1 KB 189ms
79ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Rubik:wght@300;400;600&display=swap

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/styles/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f1aead89e42c8e5e00dbba89a9b5c580ca9a09c275920b124b7ed69c5d8b9687

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 29 Jan 2024 16:13:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 29 Jan 2024 16:13:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Jan 2024 16:13:56 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 97 KB
29 KB 243ms
133ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

369dc21fac21c57070a8d3ba87657c166c44d284c512410da2db19245ea3c5d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29425
x-xss-protection: 0
server: cafe
etag: 730 / 19751 / m202401230101 / config-hash: 10961985379633005465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:56 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 174ms
50ms Script
text/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 29 Jan 2024 15:49:54 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1442
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Mon, 29 Jan 2024 17:49:54 GMT

GET
H2 200 js Show response
static.getclicky.com/ 15 KB
6 KB 85ms
45ms Script
text/javascript 2606:4700::6811:616c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.getclicky.com/js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:616c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1ff344c29dfe132c4d5663981d939562a86bed8413984f812c02a6a3bae80a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 24 Jan 2024 18:09:38 GMT
server: cloudflare
age: 425056
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 84d2c3eddf8b1957-FRA
alt-svc: h3=":443"; ma=86400
x-proxy-cache: HIT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/1068461150/ 3 KB
2 KB 72ms
72ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1068461150/?random=1706544836734&cv=9&fst=1706544836734&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

2103160a4a69cd716695f0bcbdae2e299c299b1d4ba811f3d80a036dd2d10a51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1428
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 arrow-down.png
www.theatreinchicago.com/styles/ 287 B
485 B 151ms
150ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/styles/arrow-down.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/styles/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 02393e6c4d1934612af95f1a84117b135af46278f78b97124eae6536bb5b20d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/styles/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Wed, 26 May 2021 12:06:46 GMT
server: Apache
etag: "11f-5c33a7a09fe7f"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 287
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 iJWKBXyIfDnIV7nBrXw.woff2
fonts.gstatic.com/s/rubik/v28/ 35 KB
35 KB 160ms
51ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Rubik:wght@300;400;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47374cb7d373f9a8450e1237c80bc5fe68c61fbf0cdf958df7a298143b7dd445

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.theatreinchicago.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 13:02:14 GMT
x-content-type-options: nosniff
age: 529902
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35448
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 16:14:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 13:02:14 GMT

GET
H2 200 search.png
www.theatreinchicago.com/styles/ 474 B
672 B 266ms
128ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/styles/search.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/styles/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 3100d491b841fa14ff6e424f20fdf84f0c815af85644b26e333aedad86eb7b79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/styles/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Wed, 26 May 2021 12:06:48 GMT
server: Apache
etag: "1da-5c33a7a2c5b47"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 474
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 calendar.png
www.theatreinchicago.com/styles/ 400 B
598 B 241ms
129ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/styles/calendar.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Philadelphia, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: c928e1245a631b7a54428fe8bc128e68a0df9328a08b4caf902b01ade3922ec6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
last-modified: Wed, 26 May 2021 12:06:46 GMT
server: Apache
etag: "190-5c33a7a0fab9b"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 400
expires: Wed, 28 Feb 2024 16:13:56 GMT

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 7ms
7ms Stylesheet
text/css 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 182645413d8e9ce24afe2a8f46f4b1a622934cc12b0b5b4f1c6a9146c47c6e9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-164
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Tue, 23 Jan 2024 18:36:56 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 599
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65b00748-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 123399fab35d85f533cf8919485a86cb
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 111213 Show response
api.omappapi.com/v2/embed/ 20 KB
5 KB 153ms
111ms XHR
application/json 99.84.88.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/111213?d=theatreinchicago.com
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.88.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-88-88.muc50.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 6d577844b42ad256496c0e45fce5e18da151d12204844b101cfad16efb2038de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
content-encoding: gzip
via: 1.1 fe36c7f30c8ef2853edecc43f320092c.cloudfront.net (CloudFront)
x-cache-config: 0 0
x-amz-cf-pop: MUC50-C1
x-cache-status: HIT
x-cache: Miss from cloudfront
x-optinmonster-account: 123068
x-user-agent: standard--
last-modified: Fri, 24 Dec 2021 15:43:58 GMT
server: Pagely Gateway/1.5.1
etag: W/"634f4dc2ca4952a229e8eea65cbafb44"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: IPxUsLraQks1Fo95UYwxmfgM5HBXFUSU5MLwN9nJ9EfB9tlYbXfxkA==
expires: Mon, 29 Jan 2024 15:44:49 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/1068461150/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068461150/?random=541178508&cv=9&fst=1706544836734&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&resp=GooglemKTyb...
https://www.google.com/pagead/1p-user-list/1068461150/?random=541178508&cv=9&fst=1706544000000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603260%2C466465926%2C512247838&...
https://www.google.de/pagead/1p-user-list/1068461150/?random=541178508&cv=9&fst=1706544000000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603260%2C466465926%2C512247838&u...

42 B
455 B

172ms
62ms

Image
image/gif

2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1068461150/?random=541178508&cv=9&fst=1706544000000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&fmt=3&ct_cookie_present=false&crd=&is_vtc=1&cid=CAQSGwAvHhf_AjT4tkdg48NrztQUFSE9OaW2Nx7K4Q&random=1580853104&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/1068461150/?random=541178508&cv=9&fst=1706544000000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&fmt=3&ct_cookie_present=false&crd=&is_vtc=1&cid=CAQSGwAvHhf_AjT4tkdg48NrztQUFSE9OaW2Nx7K4Q&random=1580853104&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
251 B 105ms
38ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-5VT249Q4NT&gtm=45je41o0v9102497885&_p=1706544836729&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=71718979.1706544837&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1706544836&sct=1&seg=0&dl=https%3A%2F%2Fwww.theatreinchicago.com%2F&dt=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1907
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5VT249Q4NT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
197 B 58ms
58ms Image
image/gif 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=644428989&utmhn=www.theatreinchicago.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&utmhid=1112838998&utmr=-&utmp=%2F&utmht=1706544836928&utmac=UA-192177-2&utmcc=__utma%3D200663403.71718979.1706544837.1706544837.1706544837.1%3B%2B__utmz%3D200663403.1706544837.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=984267374&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAABAAAE~

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5.f30be17a.min.js Show response
a.omappapi.com/app/js/ 16 KB
6 KB 25ms
24ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/5.f30be17a.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: f8f188be3fa88f30858ed09ca59fb7c1d5f0293aad425355438711181da9c912

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:56 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-663
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Tue, 23 Jan 2024 18:37:15 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 709
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65b0075b-418d"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: e3f0f80d4af485b89e1abad23c0aa38e
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.1dae6b4d.min.js Show response
a.omappapi.com/app/js/ 48 KB
14 KB 7ms
7ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/4.1dae6b4d.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 8d7293476de0d15a9417a6f896f642845e90a174c74455e095f5f9a69768b51c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-664
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Wed, 01 Nov 2023 17:12:10 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 599
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"654286ea-c029"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: dd391ee92f5c90de7112586156e728a9
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 20.1d4b97e9.min.js Show response
a.omappapi.com/app/js/ 4 KB
2 KB 30ms
30ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/20.1d4b97e9.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: e1b149f9dffc3130750034a65c4a1d2cbefe7ffcef67fcb368f292a065aabeef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-663
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:38 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f2a-1062"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 45f614d02cab1618a0bc6f2fc9d6a488
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 19.b93023b7.min.js Show response
a.omappapi.com/app/js/ 4 KB
3 KB 12ms
12ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/19.b93023b7.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 263c3a799ea39e2db3c3347bab23a9f98990d9d9633d2d8b833d8766c3dc2b36

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-168
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:40 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f2c-10b0"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 420d156984a17fcdcfc74b4cdfd241da
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 27.78393e5b.min.js Show response
a.omappapi.com/app/js/ 6 KB
3 KB 13ms
13ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/27.78393e5b.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 5405f21fd05a73a76a85b2021b366df4dcd00dd93ad956d671776622ea5e1ffc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-168
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:43 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f2f-1973"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 28b558070e6fa2424bcc21943a4f50d8
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 32.b9065693.min.js Show response
a.omappapi.com/app/js/ 11 KB
5 KB 13ms
13ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/32.b9065693.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 978277c7385002bbd8eca4f51d7bdac7424ef8c6d267066e36b018b25bf88f7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-680
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:33 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f25-2c41"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: dae588c3748747830faba49571da293b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.acdc9ced.min.js Show response
a.omappapi.com/app/js/ 33 KB
10 KB 14ms
14ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/10.acdc9ced.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 21111013521ce045115ade20ed1b0ac09b102688f010ecf84bb7f3f53574456c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-588
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Tue, 12 Dec 2023 19:57:31 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 383
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"6578bb2b-8515"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 95ba6c938a73a60f9394c5bceb6ac3ed
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.514c5def.min.js Show response
a.omappapi.com/app/js/ 7 KB
3 KB 14ms
14ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/0.514c5def.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: a0746aee5a2b0032d3d664b8383d97bb3e1f0dce11ececfa1258072a704b1a72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-664
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:37 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 383
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f29-1d49"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 9b1dca02dbf31c43d9b2f5c381397fa0
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 9.c66ab701.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 16ms
15ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/9.c66ab701.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 8ad9a6bcdc20b0bb29576b861332e7b11719bd11af68024d7676724574070f05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-168
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 18:28:00 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 599
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"650896b0-879"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: fd43bd0a82700556049bc38604070201
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 11.38e902ad.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 15ms
15ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/11.38e902ad.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: c110d3e795d9bcb956d5c9ef500d23c7e480a259519d383d5c626293ee413815

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-167
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:37 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 383
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f29-a40"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: e47c3f355a954f4557a92701c153e42d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 28.377be946.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 17ms
17ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/28.377be946.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 8f927cd54d7ef0ffd667f6537f9a9f3ef56fd8f86b32c8dfd534c29da2f2242a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-167
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:51 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 383
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f37-d7b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: db9353d4bd1cb4730a0eb32b80a1e441
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 26.1898e425.min.js Show response
a.omappapi.com/app/js/ 2 KB
1 KB 16ms
16ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/26.1898e425.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: c6fd60d4ecfcac36ecdcb7456ecf170d8eef75c883a1e34a4dd7855d23966cd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-167
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:40 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 588
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f2c-6b6"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: b4e02895dec0e46373acd173cb1f1ecf
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 16.0e435a6f.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 16ms
16ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/16.0e435a6f.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: c4fbf61bcc8a017d5d9cd2d95105bf88005bc0a3b6c18be6bfee8fc94d0adf52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-664
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:35 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 383
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f27-51f"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: e857a8a2c7a68e1c4fb05834169b88c5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 1.ea963399.min.js Show response
a.omappapi.com/app/js/ 11 KB
3 KB 19ms
18ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/1.ea963399.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 6507a044d207a767ec2971e891b149b58d6d32a6ee1b18068a6d6dd36bc5fa9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-664
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:50 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f36-2abc"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: a2e891e66709fd084c38fba1456cfb3b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.5aa698b1.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 27ms
27ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/21.5aa698b1.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 5c756ba00bc22ff5690e08fc74aa2c70cde9b692a4acb7ca813a9dc7168c27d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-165
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:35 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 599
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f27-81f"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 9d1dc52e880b4f2b6b0fef21d883a956
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 in.php Show response
in.getclicky.com/ 131 B
282 B 205ms
188ms Script
text/javascript 2606:4700::6811:616c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://in.getclicky.com/in.php?site_id=66535313&href=%2F&title=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&res=1600x1200&lang=en-US&tz=Europe%2FBerlin&tc=&ck=1&x=4mo6zh
Requested by: Host: static.getclicky.com
URL: https://static.getclicky.com/js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:616c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d6c2aa0a446364169fba9251e31da41e2f618a09e3cceae2fccd617508e372f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, must-revalidate, no-cache, no-store, private
cf-ray: 84d2c3ef89731957-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/ 431 KB
136 KB 160ms
51ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

56ab6b29646315f6b094297b45752ae23fe18430c8eb531edaa6297d917eb5f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 13:10:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11029
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138344
x-xss-protection: 0
server: cafe
etag: 11931332024773231753
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 28 Jan 2025 13:10:08 GMT

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
615 B 61ms
61ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins%3Aital%2Cwght%400%2C300%3B0%2C400%3B0%2C600&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.1dae6b4d.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9967752be40cf2fb9d4a6ec9b1894681e10ff260fd3cf904599a24201a0181d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 29 Jan 2024 16:13:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H2 200 font-awesome.css
a.omappapi.com/app/js/font-awesome/4.7.0/css/ 37 KB
8 KB 11ms
10ms Stylesheet
text/css 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/font-awesome/4.7.0/css/font-awesome.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-664
cdn-cachedat: 01/29/2024 15:18:37
cdn-pullzone: 293267
last-modified: Tue, 04 Jul 2023 05:06:51 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 383
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64a3a8eb-9226"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 680f6dc1744ec278f1f4fb939f562ddb
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 52ms
51ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins%3Aital%2Cwght%400%2C300%3B0%2C400%3B0%2C600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.theatreinchicago.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 10:08:09 GMT
x-content-type-options: nosniff
age: 21948
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jan 2025 10:08:09 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 57ms
56ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins%3Aital%2Cwght%400%2C300%3B0%2C400%3B0%2C600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.theatreinchicago.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 23:27:41 GMT
x-content-type-options: nosniff
age: 492376
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:27:41 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 61ms
61ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins%3Aital%2Cwght%400%2C300%3B0%2C400%3B0%2C600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.theatreinchicago.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 11:33:30 GMT
x-content-type-options: nosniff
age: 189627
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Jan 2025 11:33:30 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 61 KB
22 KB 112ms
110ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2633222901932391&correlator=307240210019010&eid=31080255&output=ldjh&gdfp_req=1&vrg=202401230101&ptt=17&impl=fif&iu_parts=113039460%2CTICLBFooter&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1706544837395&lmt=1706544837&adxs=620&adys=20&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&vis=1&psz=750x90&msz=0x0&fws=0&ohw=0&ga_vid=71718979.1706544837&ga_sid=1706544837&ga_hid=1112838998&ga_fc=true&ga_wpids=UA-192177-2&dlt=1706544835771&idt=1584&adks=2649920363&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e6a03429a1225371169b6e1f3eaec26237427900fd67dbccd4eb05ae4ff5dd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22269
x-xss-protection: 0
google-lineitem-id: 6476565305
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138463038412
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 61 KB
22 KB 94ms
92ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2633222901932391&correlator=307240210019010&eid=31080255&output=ldjh&gdfp_req=1&vrg=202401230101&ptt=17&impl=fif&iu_parts=113039460%2CTICmobile320x50&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&ifi=2&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1706544837402&lmt=1706544837&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&vis=1&psz=0x0&msz=0x-1&fws=128&ohw=0&ga_vid=71718979.1706544837&ga_sid=1706544837&ga_hid=1112838998&ga_fc=true&ga_wpids=UA-192177-2&dlt=1706544835771&idt=1584&adks=1867916015&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e118fd3e82ba87e1b71c46a30d69a10f2205bfee2f8f00bfc5611a5e8892f36b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22240
x-xss-protection: 0
google-lineitem-id: 6497796944
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138462475669
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 61 KB
22 KB 106ms
104ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2633222901932391&correlator=307240210019010&eid=31080255&output=ldjh&gdfp_req=1&vrg=202401230101&ptt=17&impl=fif&iu_parts=113039460%2CTICleftcolumn&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=3&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1706544837405&lmt=1706544837&adxs=230&adys=692&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&vis=1&psz=165x620&msz=160x0&fws=0&ohw=0&ga_vid=71718979.1706544837&ga_sid=1706544837&ga_hid=1112838998&ga_fc=true&ga_wpids=UA-192177-2&dlt=1706544835771&idt=1584&adks=3804964394&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d3a32f31c668587a5991eef8ba6cd17efa14b2e7308801f561f912c3eeb0fdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22173
x-xss-protection: 0
google-lineitem-id: 6476009473
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138463038382
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
13 KB 943ms
942ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2633222901932391&correlator=307240210019010&eid=31080255&output=ldjh&gdfp_req=1&vrg=202401230101&ptt=17&impl=fif&iu_parts=113039460%2CTICrightbottomfour&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=4&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1706544837406&lmt=1706544837&adxs=230&adys=712&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&vis=1&psz=165x620&msz=160x-1&fws=0&ohw=0&ga_vid=71718979.1706544837&ga_sid=1706544837&ga_hid=1112838998&ga_fc=true&ga_wpids=UA-192177-2&dlt=1706544835771&idt=1584&adks=2864252215&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1d4f4f1ed15774feb8972f2e31dfcbba8b3c1a2624214fcae3d2292bbeb82e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12779
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 61 KB
22 KB 123ms
122ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2633222901932391&correlator=307240210019010&eid=31080255&output=ldjh&gdfp_req=1&vrg=202401230101&ptt=17&impl=fif&iu_parts=113039460%2CTICrightuppercolumn&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=5&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1706544837408&lmt=1706544837&adxs=1205&adys=204&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&vis=1&psz=165x1250&msz=160x-1&fws=0&ohw=0&ga_vid=71718979.1706544837&ga_sid=1706544837&ga_hid=1112838998&ga_fc=true&ga_wpids=UA-192177-2&dlt=1706544835771&idt=1584&adks=695397921&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46291117984b578ab68ae7574d182beaddde2288cce1ceeec1a475acd6b39ddb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22086
x-xss-protection: 0
google-lineitem-id: 6493023331
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138461759978
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 41 KB
15 KB 520ms
519ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2633222901932391&correlator=307240210019010&eid=31080255&output=ldjh&gdfp_req=1&vrg=202401230101&ptt=17&impl=fif&iu_parts=113039460%2CTICrightbottomcolumn&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=6&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1706544837410&lmt=1706544837&adxs=1205&adys=824&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&vis=1&psz=165x650&msz=165x0&fws=0&ohw=0&ga_vid=71718979.1706544837&ga_sid=1706544837&ga_hid=1112838998&ga_fc=true&ga_wpids=UA-192177-2&dlt=1706544835771&idt=1584&adks=2844659701&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c37f897fce50c0cd6aac3271ded472f6abb76d1e5a98e5a40844753bba2ae5ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15268
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 564 B
781 B 85ms
84ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2633222901932391&correlator=307240210019010&eid=31080255&output=ldjh&gdfp_req=1&vrg=202401230101&ptt=17&impl=fif&iu_parts=113039460%2CTICsscreated&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=7&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1706544837411&lmt=1706544837&adxs=1205&adys=854&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&vis=1&psz=165x650&msz=160x-1&fws=0&ohw=0&ga_vid=71718979.1706544837&ga_sid=1706544837&ga_hid=1112838998&ga_fc=true&ga_wpids=UA-192177-2&dlt=1706544835771&idt=1584&adks=1926913503&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9e71f66d54768bbd4a51ec580d6bbdbf59ca21f064348b68d31302552cd4a825

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 278
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 61 KB
22 KB 99ms
98ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2633222901932391&correlator=307240210019010&eid=31080255&output=ldjh&gdfp_req=1&vrg=202401230101&ptt=17&impl=fif&iu_parts=113039460%2CTICLBHeader&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=8&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1706544837413&lmt=1706544837&adxs=230&adys=2028&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&vis=1&psz=1140x0&msz=1140x0&fws=0&ohw=0&ga_vid=71718979.1706544837&ga_sid=1706544837&ga_hid=1112838998&ga_fc=true&ga_wpids=UA-192177-2&dlt=1706544835771&idt=1584&adks=2712950716&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddb9e9f6b3c2f69591892defe32558fc3b8e8402f9ad1f6a9afeb1336ef28936

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22236
x-xss-protection: 0
google-lineitem-id: 6497177962
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138462475630
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 61 KB
22 KB 116ms
116ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2633222901932391&correlator=307240210019010&eid=31080255&output=ldjh&gdfp_req=1&vrg=202401230101&ptt=17&impl=fif&iu_parts=113039460%2CTICmobileFooter320x50&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&ifi=9&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1706544837414&lmt=1706544837&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&vis=1&psz=1140x0&msz=0x0&fws=128&ohw=0&ga_vid=71718979.1706544837&ga_sid=1706544837&ga_hid=1112838998&ga_fc=true&ga_wpids=UA-192177-2&dlt=1706544835771&idt=1584&adks=4156452066&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e123447aebcea7405e05a1f37665391a018fbddab2005d1858ba5d29c582e03f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22290
x-xss-protection: 0
google-lineitem-id: 6493032700
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138461631888
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 05EE 6 KB
3 KB 274ms
58ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theatreinchicago.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 16:13:57 GMT
expires: Tue, 28 Jan 2025 16:13:57 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2EB2 0
0 86ms
85ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst7FupeUQIhxs-C6C-6YrdVm1CzqbtYO6Xk2vH-RkSSR65KTo7nEQXUI18fyxv2DfCmloT7_4X9UitTbj9WEEmh3kymxXavj8gk0cWJg8Avuovhoa8GgsqqjrKemTuIVGqwygEieLmjjenZWHThUyqelbgWhECQGTSmdYfVPJ_fJnMDHmUFhUBrNuDPytTx_xsG6V3LV7bCiHmi9QHN4YKyJaBF1TdIc7g2iH1FJSngKbmSGRvdlFXP6NrKamhasY1OMKzboI-4tOFuOHdeB-eF10TP-fCdUrGI-Lajk138FgpLdwt59VxCagttsTrqJxaUzxJvEk-3wHwA-qByvmVZXmPSwiA6wnAKMtDFGK7JKAH-CS8RuA&sai=AMfl-YSyrPgJXaNClkW0PgTo-ZLa8XZk9J71vHhCN9zm02Ei_Uq4DPeoXv4GmmANBxoV7cz44HLczeuHrUGPWMQslbcjiP77b3K_RCOarrnL5I7Abw3BGreXBwswDqt2Wt4&sig=Cg0ArKJSzLYZrwf4EIMaEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame 2EB2 23 KB
9 KB 169ms
58ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:08:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 2EB2 3 KB
1 KB 167ms
56ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68872
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2EB2 205 KB
65 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H2 200 1229188056240324735
tpc.googlesyndication.com/simgad/ Frame 2EB2 19 KB
20 KB 185ms
74ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1229188056240324735

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f2c9e2af5ff4789eaba871a2b33097559693f372faa89e8e0261f0eb9e442b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19747
x-xss-protection: 0
last-modified: Sun, 21 Jan 2024 23:04:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 28 Jan 2025 16:13:57 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2EB2 0
0 59ms
58ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSdnwXDphPjr1PjlOUfeeebhdVj5e2UwSMzuIWoLbYtC0UDJraBw4nnCdm3aAV9f2qarnY3BUP9bJydhT7KTqs4ZWl-IQ
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9C8D 0
0 86ms
85ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss_IyU0dUUBhgMgvvUsF-dmo3pl2-AxLq_GFGLXOZCAK6m4lmrMKtU_z6I4nK0s27nzXLRTZSy4H_PsIpeElR8x3MipJxsEamMF75KofVHH93003vVWm4qvAfUcZe01vcjPQbM93v3Z7P7dwqrW1qIOOriqlKJiqSqVJkoBEoZSJmZLua81MsGR_Qb5dkXeFW-s8bsgpLYVfvyja-kLJB5A5ySoEjjvgxu_AUj7kNSVajCi-gCPIWHdXQAkNKguXL6Gmj5LrOABNXZzfGDgEOrAv4JWNlt00gEvf-4kLQuFRj8KrJaIBhTixMDU6BnpA83ZPDWEI3ZAUF3Goe4npqixBMRYmag6-QP7d2cRdiiCRw36&sai=AMfl-YRqNEqDuGTWxUIrs96aTFZUudsllGMt99M53pJw-j_htLGlTlh7sD2KDZxRsxTkWhYLqMaMtVqAWvTdBgn6ao2adOJ24Rdz9jW3AODiwzJ7zrNthANqKFTS0LCH17Y&sig=Cg0ArKJSzC73VIJsTBHbEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame 9C8D 23 KB
9 KB 313ms
215ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:08:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 9C8D 3 KB
2 KB 151ms
53ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68872
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9C8D 205 KB
65 KB 111ms
111ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H2 200 13144093018121219027
tpc.googlesyndication.com/simgad/ Frame 9C8D 66 KB
66 KB 347ms
250ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13144093018121219027

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19a1c36efb8f75a1c15da18bba067288f227949048b3260c0d75272b7dceeba6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67515
x-xss-protection: 0
last-modified: Sun, 21 Jan 2024 23:03:07 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 28 Jan 2025 16:13:57 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9C8D 0
0 58ms
58ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQvnz3_FCQlB9iZfH0rQh7AI4l9a7Pl0MFjxUp86PdKs0cjdB2wCQ5qlODy3Ya9k3eKx7p8eEZL28V0y68cwpfpLvON0A
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9018 0
0 86ms
86ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvuT5Ji346vjmevq2b48mSWK2dh5Y1IvKkN42qiLaLIUHgoox7_7X1bG1RZAxBSvlQmUpEFjJWpUjiN9V3Enzja_T0W4g8ZJKJO8d0yw9HqiPuvfxFOfUv945kmyETvTU3NaGnHHEU6XDyOa69kATZTUMkiKFP8m-tQ2N4FuaU-SRfFPjh39WVKjr18nfAuqQG98DXcJY6AgknWEIAnQzTB96Rul3NsbOQDcN0xijRPI8lFVovDJggm6wkcJKkhHvxRes7FBKLHsqytpvq-UZrwR2CbQiaTTKflYX5boKXQJTbXguQXr4JI5v6My9vfnORRredY7_R1zVz1I1M3bIqqk7lsVsgpY8nUdma9SvZ_GTEJGDNE&sai=AMfl-YQ6YQH2eDXNzM4zZl3BH_mcmJrn0DYpr3vuAXhCTm5dh6sCd5fAapyP1nw-R3JXro8Ys7aZHpWqSteyxNymoHJ1R0yPQYxq8dvh8vN0dleKvX046KSf4dieDXwC_g&sig=Cg0ArKJSzKW5MKjd1LkFEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame 9018 23 KB
9 KB 217ms
217ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:08:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 9018 3 KB
1 KB 221ms
220ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68872
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9018 205 KB
65 KB 143ms
143ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H2 200 11459110859875603164
tpc.googlesyndication.com/simgad/ Frame 9018 63 KB
63 KB 292ms
238ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11459110859875603164

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

530f0af9970c002750d70bd61016078a0a4fca386f6bf7a98c920f62c3dfc509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64079
x-xss-protection: 0
last-modified: Fri, 26 Jan 2024 01:51:14 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 28 Jan 2025 16:13:57 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2945 0
0 87ms
87ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstG8TLCVvGq8HdG1TfYjA4E3IhjkWoIFvmZx1uZKRuP4arE4hORD_YBHq2kNNnkFQo40rtAMjAO7G6lp4liRw9I_PvK9Y9Qcvsq390vMaKee483zGLJUEZryiZU5sD-nlzCnjX8OoYODVbhjWvTzkTYkLHU03uojV9hzn8GZqy_-7v_8aIIzzh4tsDd_Z9WXciq5vsvmQkbFYlhCeSaKQA204JRlwa1aPGrCJGCCCBPrumUwo3l1td0i3ilOmJ4c-je9K3ugtyk26EQ5jA4GsBRsPGTX97I7JHHhCtzT7zVKi6zgzv2VYRYc8yy2Idd5YWJr1roIzbdLLHwuluPBtMBhfFcksVFt6OO8IeQijN-ncjU&sai=AMfl-YRlOD-ZQsNCSqQGvItW16BLMUnRgFbiWmBOSZvjCU5k5TzEbzKZ9CZHsTWMwnLxLG5ebEjekMMr38xGqVtxFwep2-vMwY2kGwvhlwzmGZ2JenNFYcRs6oDThQZH6y8&sig=Cg0ArKJSzPDs7mTdKA-UEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame 2945 23 KB
9 KB 222ms
221ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:08:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 2945 3 KB
1 KB 224ms
224ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68872
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2945 205 KB
65 KB 164ms
164ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H2 200 2575606371263935502
tpc.googlesyndication.com/simgad/ Frame 2945 73 KB
73 KB 170ms
117ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2575606371263935502

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8924cb9bc79b42579216aff2342c24ca4dcd3a22e7fcdb62be522eb4d7bb61ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74785
x-xss-protection: 0
last-modified: Fri, 26 Jan 2024 01:53:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 28 Jan 2025 16:13:57 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2945 0
0 62ms
61ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSClGJ-JVk1qMbFFSderFSZfcbhQU9_rB_pYyd9dqhWePpryomHJEMzdBVNISg995MWFAmyoCzV5B8vGEbGKqRMiCKliQ
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 916C 0
0 87ms
86ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvGXNkSgwzqz02B-WduNYriaf6hGjHvy4isEe4iNl_47pwaK2Or-TQNGTyFoNhbji7wf2SVTVNbLojvT-CbNlHzUYuWCT-QgaZC16CNEXXOOB36l0jmFo6uJ8xtqneaqwA57gdIBjFs5r-TZJWhI7VDYO7AMMT6Uvqk668sRdt2kMh2CZrhcXOTFL_S7MYO3GBlVNuXClj3JjFEOsCPh1iggr9BCRy6Nttt_FCiy3cIpJSMrVDsMXNJnDCJQfIBdA3Lwj4k2sqVU4_qY73VvnvpmM5QP3nmB1dUZeSSIUyk-2MAhSPKlCDRHtaKCOVHmomCdb54Gz416ny9GsImxk8Prn_Titun7k_N3qyn4t4QTDCktsz_QhCv6Q_p1Q&sai=AMfl-YT8WvjenYx2rCteEG1A-AQEuQtPixVusFKryR6WhhlZg-1a7ki20VYXohp-vGxbCvIEQ7xK3IP3zVJgDp-USSG1gwvO-SNZDeLymZzvpjnhN6o0iVzRnbQkaDOw5zw&sig=Cg0ArKJSzFqqMjZjWlrAEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame 916C 23 KB
9 KB 225ms
225ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:08:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 916C 3 KB
1 KB 227ms
226ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68872
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 916C 205 KB
65 KB 178ms
178ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H2 200 4733029731739093613
tpc.googlesyndication.com/simgad/ Frame 916C 21 KB
21 KB 232ms
231ms Image
image/jpeg 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4733029731739093613

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dee998c3af8b2929c31cc49a05832494853e55750e2286393df641d858231e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Sat, 25 Jan 2025 18:39:03 GMT
date: Fri, 26 Jan 2024 18:39:03 GMT
x-content-type-options: nosniff
age: 250494
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21558
x-xss-protection: 0
last-modified: Fri, 19 Jan 2024 02:33:43 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 204 l
www.google.com/ads/measurement/ Frame 916C 0
0 61ms
61ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaReaz7tGZ_frhSL-S-e-D0W1UVbKjWd5MrBfnEg1nzqolz1AiwdZTqG0fOzUWQ_oUqmV6HfNuMWOhfDv8iGNpFw_c3m0Q
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C0C0 0
0 86ms
86ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu00V5p9U6Yv5zEbcBJFMU8JJOl9y4FX2JiR9HbP3ohmffuvtvRd9AWYr14iwhgEGLYPuVHnZVnt7w5xtw6MdpVoEmQdMzOqvi23wgglE6btDNfsCidhrTblvUPmIgt5LJX_eeUwOSHI6x9aEMTOZBz3qoIG5tU1LO_QpcwAt57fRhH7fJrSqd3Xld7Z1hGraBfXlz2vkUlLTD8SckbqJyct36T5ss6jUcU_bXj5bJ2ilz4Lt1TlenJwJQKGgg_AFVxynO_ivGrZl4zJTPR1nJ3ceHyHDK9vkKNkVtfl3a9VVPYIM0B781Fa4kJOKPIEWkhcYHEGDJgh8ByOxf1wNqz52wBGbNdY_zwj5gnOl2leZp2Q6fQtZFM383C&sai=AMfl-YR4BOyMFTxp6JLuyBLcP02v940XjHvM2HPfGl8Qi1zRoCoJfF3On_dnjw_f8tEZ67UjuaAfXVhTD6xIFAo7GUjV7lKHNvxSB0p64zN0QzlC3ybUxGDc0Cd48t2z_w&sig=Cg0ArKJSzAB1pgYqlzNKEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame C0C0 23 KB
9 KB 228ms
227ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:08:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 16165788300067284045
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:08:22 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame C0C0 3 KB
1 KB 230ms
230ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68872
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C0C0 205 KB
65 KB 180ms
180ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H2 200 10760057740391249334
tpc.googlesyndication.com/simgad/ Frame C0C0 66 KB
66 KB 217ms
164ms Image
image/gif 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10760057740391249334

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41e121ea6908b6e97e7bb4b92267f4f0bb16ed294c52d5bab98469ea04f3904

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67426
x-xss-protection: 0
last-modified: Fri, 19 Jan 2024 02:26:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 28 Jan 2025 16:13:57 GMT

GET
DATA 200
OK truncated
/ Frame 9C8D 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e91f516db4d4d3a241756ecbec7b489ef234675070808ccbd953f72562293b3d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 9018 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fecfc786d0afba02f859d468c27a08c700e0cd67a901e23cb5f85bd01fad40bd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2945 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d9b25de87a3cfb2cc691f9067e6b32fb23ca8932260980a84244851611b2649f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C0C0 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0ea0869d15d52dff2b111b4943d3f440cf0985f233f5df2cf0ce6430ebca641

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2EB2 0
0 188ms
85ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsujPFCzxqhrOCV1ZEw4TQ9WrIEsf0Qv3Fn2xoQc-MyPAl3w9Czjpd3ElxniWqdEm8_xtcUp6H1VZoreuiwcdu1pKxdXZujEcotyN5efLwGE0dPmpecT_ey9h6_Y-j0r0ZLJw0Fc6lTE9_4dFRAFEQdWCZiMogIX6w_YfL_HIy01HtowFwCpfl-Na_FtxKRMoosIF3yS5wDDY6TZp39moWMqXJddF1LFCumY86an6w8DApzXENkZmSToXSnasEdRKur87svF_ku7cVOlB7kRh6bOudowupEdKJ35l_CZ8ukpxXQa8RFP5NTzD5qDqaA5lZXdhRe5v3bTUSBC_bu8JdaZJyVUknuPC4mcFw&sai=AMfl-YRdaaXPlfm63YVfW4cNHG8YkzIgldeBAytfxxljwcCs7rDIFL3O9rsgVnlNtZGb_nifvAhzXQ8R5IMazLemYQ2Oa48JcohZmPyk988hBaLbJPR9q05ooqDJqwfoelU&sig=Cg0ArKJSzDmHVUqrnRQaEAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2945 0
0 113ms
86ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu8mrEncPhEkvg8KzeqLEgqsingIHp7Mojgtz1quIYIwQiyyQUrZE6YB766orTXgJQkmONKqUAOhfB9I7QQ7axdpReZ36sthnXK5im6g23tn7OfXlkWnNz00ICgUvNC8Have6qrOLKRAVVpfpIXs3lyimLLzJvWLkrQOq4iopde1v0vYkIhMw-fIM8xUfFdWb46P4PRLiQukFQJTBmfbr02Q6LzFl_9Ojf3ox0dLoAYTKG-V5eInQsSmmdrUP5ZvyEIrCJ_dU-2XF7Cf21QwgM0Z-mUxzUiSBE7SWS5mVtbQ3pZE20jWCEuaalJE10puWB5YuznzleQStEDo-8Hq_vRhHNDOVJb&sai=AMfl-YQhBy0kq95gwpcLZzqOKKAGwA3wfQH05WqGUHdmQr3wbp3JnRhOY6ZSMcE2fGQrYhY6FU4Iu8OghvBbhC7gJ3MXPtYZVmy1UJN0wv-Sw_xIqSMTpyZ6RF-IpLbEwA0&sig=Cg0ArKJSzOj1Yf_RSKD7EAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C0C0 0
0 106ms
86ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu2xS0JsnW6rIeP0lGkRuKTzMUonQnmgu_Au-PKswHFHRWI6WKWi3IiuRmDCeNIrEG9SnD_JrwD9h82yt7NalL3CH3e0_TfusXoF1W2WdXSQNdoP40JETrD_bPQ88gYjxLNhmD2p96RRodrGHuBtKxmuMs3hZXExvr_HsAouIhsZoJY3jcZFqRHgeDpERkmZ6d2SvOw4ANH3cGhVRb_TWBexcxGET-qMHh0DZQ7UIZIE6o4WgJvzPPll1qd18DGMdQhLY7bn6bW90KqyH8d0ePdqLAB4XKkABsXCnreAKT22evZf_cvQiQDivpWt_DIdxYeCNGnQ1F6hh76VOJyCRQh80zYCO5FfXOckOo8Ljuv&sai=AMfl-YRU285Ba4JlZ8KJ103KOPBxvV15QFdnUq0IsI25q5ZDzOhFRnYVIDkK2emTcQem27h5ngjyvwSBavdYzy2gDasXUXVRU985A5DuUR5B6cuaKzM_Drjk_7WmV_t-_w&sig=Cg0ArKJSzIAFelUN1vcqEAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 916C 0
0 85ms
84ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssqbZXzTqsN9APxEHTcwIUjPGY8Etueq1tMuyc4VDdoLQOb2EnNJlAtNYDkJfniUfGVV_cCIIsxzmxvbS_MU952Rn0TzIIwXmOSU3caOBxGXZikLxQGT_D0XfLxHe3WVXKscqrwWJ4Emx5o-sjBq00efBX7bUpw9p9PT4kcI95tzv3RzQfNTCoo7bgBWmxPeVIA_Vtzx9URTWuslqaN1dIqIdxBxiCCKxCNXjRb8l7-HNoLjxQwVXOJWeJXOBc6vNwz_8mFMcuhczDWJzYrjAsX49f4yeEt8U0jkymZUNtQpjkaVacVU3z4YD0HQj2LhSqGqa0SfuN8_FO7gDdy2a9ewII6aTFBYL8IYQDyr6jrgg&sai=AMfl-YSowpOB1OIY1blXMlySUTJuAcuCAIanvAe48-AwGUBkbOwlSLlgZ5medgHJC5wOIwOxZZMBRp3a2xpphm_O_wgfeBxoodZxWluVEgZzRoqBKR8r0zPZSUY5hdCjHaY&sig=Cg0ArKJSzJo_Aag1oLSqEAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9018 0
0 86ms
86ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYPtPEvvajBFsoQ4_izVAM4ya-2mTUFWqhzA2ZKAGDXn0YD0bXgT4DimvKWFH0NlGEJBmzc_myKDao5aQUt0XbUeya-cyoYJgTAjzGzNmf844X71vQqCDjbF3EXiugkcYH-p5AuW0LPoc01sptYU91KPC5TIHUI5W6RuT_9AAreRFX8zalro-Ies5NRLfZb0x4UAYCHR4ojeyMm06oBUXsivChTbKI6OC3B--Kv-8pynN2uzrt9AX18RxjiaO_IZCJGwB1D1_Z7KZDXBr8iC0FYxdWuJgwJim-D8VqJlpdZ2bDmCCtUs96skxtRVSajXqcY-ikpKgu7dcJ_ftkrtTOYDu9pOEGAbmG&sai=AMfl-YRHKlpaO1APJXL-7I8Pl1zm_deQ8bAxqTcE5F28jeqxVLNhFLeUz8utV8r7OUxF4hMEZPA_YyfRXy50dbKK3oj_qZgKxhtDVeEmRQn6F0nEXW22RUkYLeuF6B5y4Q&sig=Cg0ArKJSzPCDil58gPigEAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9C8D 0
0 87ms
86ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuN5S1e2jOvAJhb2mgCixmvH3QLJOrOZMMwMllvKnKYDem68QCBt9SMsFydYtjkqyFMs_HaicUHsZq4Ras3oDmDAjPYDbNcG310pDvAlq5loxKCgcAypSdepLubPBkZfvpQVJ8fH9OB00VZVkMQixSTsnWEj6VV8yJ7AgBiDg-L2MUOGmWG-1TjfFX27YeEKdS1Oy-rjj53enkbe_2J9QVmUuVUBmbe3qKX43amXdT_FXQsZAQe57_pW0oHQyPOOE_XjCEZGXvfi2Qe0AKfa3eHNG-s99fRETxSNnytnSk1RFBeHxaYwpLlAxa_D8E2HUEe9HWs0ggvvIHhaJlI2DqD99EJxDBh&sai=AMfl-YRErs49c0Xz78SNzG78dpe0NAVyAlrB1GmOu2514KmdnovlNeHbeXFRHkpPDy9p9a768-8zRLSByl1o4os4wKkuuMXcbbwDOFLaDg3LTK0ZJ1MzzqgwTkv5a1Y4bNw&sig=Cg0ArKJSzGBCtv4LwyEwEAE&uach_m=%5BUACH%5D&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 29 Jan 2024 16:13:57 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 321ms
105ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401230101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0462da8dc2fb032a72b3cb442016cc2b3e154bf9f34ae1a759f741c2749163e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12418
x-xss-protection: 0

GET
H2 200 container.html Show response
40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CE3A 6 KB
3 KB 53ms
52ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theatreinchicago.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 16:13:57 GMT
expires: Tue, 28 Jan 2025 16:13:57 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6D52 624 B
310 B 91ms
90ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJik9wIQqafRlQIYzfvKgQIwAQ&v=APEucNVsyh_HA5ATw46z_1cQW90C9eRXx4dxeI4IuDHT70Br9lJrgzGeDVv_7ICQ9-__NAysLH-iU1wt77vzPl262sd1Zuct47k22HAy-_rFOpMk4iDh-UzfdZsse4PBFeg-EAdyaFNXdlkt_XM1PdGQc8_9yJNzlEFDmbdhJbB_rSfkA_Vle5M

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 16:13:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B012 89 KB
31 KB 245ms
114ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:58 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1893484/77291975/xbbe/creative/ Frame B012 278 KB
82 KB 166ms
37ms Script
application/javascript 63.33.146.168
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1893484/77291975/xbbe/creative/adj?p=APEucNWTiEdmNpiJx5fclKXwlFBb3gXpsrwRHH5uog8aSms2zJdh4Wo&d=CpkBAKAmf-CMRm6V5b5q4tPY824nAg4-CmIJFWubiAc6YtLeBWwcUY12sK2kr9Bpa6L3dZLuKPOPaxD3AvwvzOQW6DJZ_hZLd3X7kjK8jZb280AKVlmOggLrwIf-8OfntwzyLYA_ytvOXBGyEMOzgHBdWW0kdaaM9AqSoW5X1WoPLOqZCU_eg-EOUlr8StWuUrK41d5HbdDngTF-EukVAKAmf-C3JaexH3GNLLH-sVRnyak64G_QgSo6Xyhf1eMY2Eq1fnOwOD1PoXuQUfervWKc-BqZn_ctQEcKOALtcKamIcDsUXKpSyvw9Hmtcw9SnDwX076K_0xkU2UQ43RPaFnJcc7GeQhjOalUizlydS6JLXmaMtGI8hl_jnPQsBMUSMwySAUoZL15uKrOkhFU60mv_MzCx8LMDHLAYquFpjYkTLuOTLbQfqVFQSfT9ZTWbgSbNjdEbClgWM1rZfCOJJHff99C7ssikT3vYeMBuFLoONC8-XahV00vUNZSSQCDCTGNmBpi-Uvnv1FCpBXjZfeyTIDLkgylvh1Ksd62KDAMYBS4pE8IdAj9UkeSovSn6mMpmDd236__0N9SNV3IU0OFMQUr9fPeLXIdOeyMTjHuPfqQYhp2BhgidiMlhMDc7hUHGt92NDsuxfXG2MF596DsDysKHhNk5-bPLehu7EzHd97p9neGLJg_rwBFzdkDzkmc1BGO--UERBCi7CiKkU4cEOIwR0_oQ81iRDS2F91vrqIQrEUKVcly4Q_SoAc4uGXLkDQxmN5niOT4c3v0jEbjB7zmNsN3ppzfGS77qo1w3V5uHMUHHpM7emp70hqpHH-0cwHSib9R4dr5IDEMQ5UtPBmZunGBRP5MRsHk2R6QcyEWSHE6-Ftc-JQM6ts6gR4yiWhsW1wQMd29prA_zXAfb5lWXG3rL6yGhL87RYcHZJkkWNKcqAPx4xUMCGYf28VBU8bTZubc7PnYe1sddcXz65goG6np6qwyQiSMfyFY6E9pH5xTR1d_BRme8iWOm5XpZzQzorZXKq7wXAvdbDz1xjhHH83ld6FSqTCbnr7iH2ZBOTV6vz2u-pef6Sf9zMZy6e40xaLssDyZWk5vnT0QAJLyb04gL4Pv4pqXxOoqEkQ2ep5PC7R2yuIWHvYYfacN26jnCQFEtSJ387vW2FhR7TfVNTN7enG6axzm9VCYQh2fxx7z2OTcy4d8TRVlDVSOnFlFny7nj334zX9Jxw2vtH34zYOost45P87sgyFxXSOwYp7bQuX8vfCbydEn8vTrF6XfApQ0Q8T4rNbzuvLn_540s01yBhjtX4oA5RUh4ryhgKCetUyrNYWTrm_DY3JJQonnkfDb9jGHiecWs_-P2kWYg_N99_IzX21Zfx-Nl8-7Mzk5l6ftQ-9sHtqhrkIw5BUh3GRwBhOxDchW2pJlJWLrMJAjltZIZS6T65jSPkM1ZQoE5TTWtmk-MaKhxTQFaSbAlbNsJ8E9T_0VmkxY04XUJ1kYpJT-XRT8wwogo1-26Yn4sQ8QHIhc8mR2MERVpiCi84ZXGYmMxB9mlrCw8eq80TqmJa4GqbObHOvOuweaIH6hf5JFGBx_ycJUuZMBVy5rOO0IVHmth12-Rj_BKqdBtPnjFY5-bIhFZFNY0wp8-jeUOgvkKno-YcolHkpKXkv0dn6vDemDgK690nremUheeLWKwvaBs3y40j6U1zBtygc7eXxvCelre4BP2X542gvE4C9wpRxCtiYdQmW2vZ1WQxBRdRfKG4bNabaHrfJf3CWC4or8FafeG7Z_f5NPjxe3cNqvwfJgxRAtTKj7mnznEftyyFQr8OGY3aScyhSkyCB-gMpPD49cMF2i5gCo-Z3SHXXI__f09rFLKFR3S1YpqbacMtD4i08InAUb7ua3WFdQQJMaxfMjZsOistMUl6jUOcNJXEHBSONOMBcSA40XfoUmASGgdm1jBsDamLBkcMAtJENZ42KLbri8AXMQjVJhVYnB8LHkKylv42_zKPCUACcKycEwjJv12TYlN5eDZLxjcfw4o4ndUnQBWZReBh5V3g_63VM3i5VcA0siIulQwaC-GQTVMlnJ6ZgN9w-OvHmtbojfovdN9NOxeGzUdw5XAU_bEaywyI9l1wcNNwZ56ZkTHYYOdjw99BwzLslQLDEI8Io7mUIBg4Bi04FaCok7GD5t8y2OAWt65B2QR--8NTuECp9F34gjkNRznIR4321NVWBCMs4Vj6EmaINQ2A_KjuM8aREBVkkd8Fe40xmTJQNvost176eRdMC4P-25vpi0aqNeBBOpgN4pGxCLXk4BNb-EOaB8nYIIWnFZFKerpUgUYKFvqyFXQavIBlJfAH3j6UO3wAIDh1F7EVQjt8zZHaa7HzJrepBFGHDPk2TOMTJjWmQyvV5-SsFci7A0w01MkEGm-ch1XLz4vDhC4RIK35zZe0Uz1FXux3mqJvjbhhICinQrHVQv7MUO3nIkhznNPzYzLu1AbSPxo8A8zaof5U2i8N3GFvRctljc4Q9lmpX5M9hs6nPQh0J5RjLtACenNdkVTIjXKcNPPP8SlCY_Zu55hbsycmgwIW6sEKxxjQTRtA7TGokB8uq-kzi9SEsb5zVPB4qNZ51o60Ru9rUZ8BmoUpm0iBLcGf6ifEoSXzY0csPKLKoDQnfUsbuANKHDMos2dax0-iVpHLRIaj-GLqtSkTuddhFH4VuHBFr0iFPEi8C7WgIGrDX3Tvqx3SBw6yGWH2cku1fqDAc0DIstAiUPqMHMhtqZ-dWOJqfW-Bij5sh1nknacoKUoZN2IzKTXavOIXf9YNh6pfHhwLdcbqAv97BM3l6M9qdCYZDDeWlw72q1PsMFTbXv-aZo8LTIvXb6aEYrQaBHv32ibikgSc2B8PgOgBeAgHzAFuXeQRxgswpEzA3kWFonbUXZJ9Ag-htjWRkRMceDYGabdiSS2xxa0a67cjTAJfVs79x3DY7IpEobyyoxTe36nnmKPHHS9-2x0ahLsbcqmzvYLxjxRpD3Sw0lthZ-VG1fECSeCbSmqf_z3TOaijr12_Jgkzqk3-8uZw-RvjTKDUzWtgpO4BSJWXYoJmGXkWKhxKaEHPAHFkIE7wN0yx9HryElI73gWKMdN39TJxcZHJ3Jb_01ZSuxi1Y-3iAfh7XD8j4Sg1doyDoq74Iu7E2JX--3oHXEf4Cnz1LnhvKifmph-ffdFWnUjq0eZ0UJY82u-ngt0nUmvRqSQ2PtXGAptSRGz_Jz_8XFyu5b0ELFwiw4FOSS7LqjDtVlfYiBbuSEvdFVRoAc7wGjtFTN8WFyTB7i2XmPs7OV02Rb4ZwanwoKqjkKbitNFY1QpcWQhmcv4nqlo27BQxk0BLWfP05CvWj1mAj6OSSwRBOCJBdy_uGKrw431SFdOyXflvbUrrhrGjcBmcagLzcijwmOpHtm2Q8Q2QzuedBARYDFGvHDLdU4M0FW8uIkQOsuj9xEBEW-xhKdHtY3i7lQ0HaKqFM83ed6BAoziwZ51CMF_L3MBnncoESjtauE3dv4uMtI4-Uw-yH6a8JXKpdTHvjMKVCNOuxlan3JVk2GWmoT7QNHNt0YzDT-3cpzhyaQM20Q-yw-et2qUYy5Q2pK4PTfII9xsY2N1ZrTvcchoq24xsmxoyFZZQWxTTqdRPvD_7MHz83_hfA9ydxLSJOWWGCZAk_uST21ZlIl8fk5nGQxVOqnxKwpvf9kgHKWIcyJfWdBySI1273LOHxiomzJ7yWhVbgqF95udtSGsp51d8lOhNE1422nVSgBGJ2K-aSh_rJXONYaugO3jealn_tpd6ckMj3izwMT7cOwqjBSvWmTFVwS7xFstkvmN3T_WIm1H6PTybNyIxEe6ZkxQ0S3cq7jLmcfWry4UwxRkmNqbUGZVH9cP57ZSF-Jatbp782mOEqkN5qzF5EbcnH_GkIIBBI8AC8eF_-JFrL4eTki9e0AmjINPVkm7F-8mYhx_wFsy1D6aE65QwSMEUHto8EZs4p4e9bCxZqYa3ho3KHXGAFgAQ&cry=1&bundleId=&bidurl=https://www.theatreinchicago.com/
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.146.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-146-168.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e46bea449dc9774ac70d9b1c80ec2cfdd5bd362032cef8c73768004efcb20dd8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame B012 3 KB
1 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68873
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame B012 20 KB
8 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:41:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59521
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 23:41:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B012 0
0 59ms
58ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQiRyxL0EvQpRoWwpgTzGR_8baSNHfVEe-hQOa9dnnGafhlZdxK2D26cubKRfvoP84gnXb9bG6S8iWpcrxGSdaRJAwVHQ
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame B012 205 KB
65 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:58 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B012 42 B
173 B 388ms
259ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AyrSDeYbqdN7g3kTOkSN0wwyEqfGMFGbsSEuVn0RZXguUMn2uZ8rqRLB_UruABAeAJ8Z5V0nrbBtctC6irBprtcYUh0MEUQ11j5e20SNcPsXRkbwQ

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 6D52
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJtPc4ACGIfPlU2pD-zCmds&google_cver=1

43 B
739 B

24ms
24ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJtPc4ACGIfPlU2pD-zCmds&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJik9wIQqafRlQIYzfvKgQIwAQ&v=APEucNVsyh_HA5ATw46z_1cQW90C9eRXx4dxeI4IuDHT70Br9lJrgzGeDVv_7ICQ9-__NAysLH-iU1wt77vzPl262sd1Zuct47k22HAy-_rFOpMk4iDh-UzfdZsse4PBFeg-EAdyaFNXdlkt_XM1PdGQc8_9yJNzlEFDmbdhJbB_rSfkA_Vle5M
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nHxr0hoyBGE%2FBJhb1ReqvZHVV%2Br0jgZdCvE6RtOaX4IVaCHz%2B3dmIQJ5oEK3hFuszBG%2BEM7%2FKYRrULmlZmpIpc3E1yzPBb%2Fm9qaoZ%2F424vbPFs9GY5LT2IkdSpJIkOb%2B70Oi78BI6NU5rA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84d2c3f758368ffb-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJtPc4ACGIfPlU2pD-zCmds&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 6D52
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZbfOxt3vq-fRbIvAfE1iPAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJtPc4ACGIfPlU2pD-zCmds&google_cver=1

43 B
765 B

20ms
19ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJtPc4ACGIfPlU2pD-zCmds&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJik9wIQqafRlQIYzfvKgQIwAQ&v=APEucNVsyh_HA5ATw46z_1cQW90C9eRXx4dxeI4IuDHT70Br9lJrgzGeDVv_7ICQ9-__NAysLH-iU1wt77vzPl262sd1Zuct47k22HAy-_rFOpMk4iDh-UzfdZsse4PBFeg-EAdyaFNXdlkt_XM1PdGQc8_9yJNzlEFDmbdhJbB_rSfkA_Vle5M
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkxPCvNf33zfhZZdxCO9gSQce92VUy56TP5v8b8ysqyfXC0ZmUwgK5t7uaQWu7xi4njcnUYD3s7pHdE6JnOE6jiJIiXXrgAZnxxNaohqIyjz%2FxFJ8fT89dsfPWX0CpcUO1UakGzwUr5cFg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84d2c3f758378ffb-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJtPc4ACGIfPlU2pD-zCmds&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 6D52
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG6ObYroQjKIUid3ifkvXyg&google_cver=1

43 B
1 KB

9ms
9ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEG6ObYroQjKIUid3ifkvXyg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJik9wIQqafRlQIYzfvKgQIwAQ&v=APEucNVsyh_HA5ATw46z_1cQW90C9eRXx4dxeI4IuDHT70Br9lJrgzGeDVv_7ICQ9-__NAysLH-iU1wt77vzPl262sd1Zuct47k22HAy-_rFOpMk4iDh-UzfdZsse4PBFeg-EAdyaFNXdlkt_XM1PdGQc8_9yJNzlEFDmbdhJbB_rSfkA_Vle5M

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
an-x-request-uuid: df91fbee-44e1-4b2b-9e39-230b5c6f20c5
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.131; 185.213.155.131; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEG6ObYroQjKIUid3ifkvXyg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 6D52
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MDgwMjU1NzgxNDIzMTY0MA%3D%3D

170 B
243 B

118ms
47ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MDgwMjU1NzgxNDIzMTY0MA%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
an-x-request-uuid: 22bb3fcd-0994-4f6b-be93-8b9e3661b97f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MDgwMjU1NzgxNDIzMTY0MA%3D%3D
x-proxy-origin: 185.213.155.131; 185.213.155.131; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Jan 2024 16:13:58 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B012 0
58 B 259ms
258ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1277831321794&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B012 0
56 B 259ms
259ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1277831321794&version=m202309260101&ct=76&x=1&cor=6202049104245645000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B012 16 KB
12 KB 85ms
84ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DL7qtLh0eZPhz1d_XOXqEeb0G0vP7bsE-0ey1ncaO2ngFl-oz4Q8NevPzDOIMnTKBTR9dYbOJDMYwLS4LXsQCzvuQonza4hzfmOh_RWY-No5leKpoRXM-pmbaVF1vCpBJZzxx5fLZOZYNSx12TaOD45VSG4zJ_nPbR3J2KZFdvvsX60Eo&cry=1&dbm_d=AKAmf-DGZEZiq03TbJ2u0SsHV5KZPqC6AmZZBH-CApB1CtAgcSB55CWLUxWeyeeE075igeKqjhTSaikOJzec-AAFSAHZqA2RCTYsHxUpeBJUSY14gcVBQ-hRfOrrIPtlrLekCw_EsS09D57e_nMpZkd4FQ91E51n6-Dm9y-CNewEmIXqYddDblico5Sg9_Ls0CK72AA7b_iLeyuxmS3861jrFC3ry0Ygy73sfkz3fe_YHK8clUus3WdEDoXGag3WqcMGy_vsmfg2ydEASpy-6GHOpINvGcrCGNgDmbEqgY5KHrfazohQLbeaJFRuTuCJxrESV_o_Fm6vFIzRnupHb28TEZc-D4vl56g16z2cajjrLMO1PV9jFv3m22sAeW8zMqWlY2C7sSCTYeLlOcYdxGfvDMIRfjw2K0v4TjdkYHL5I57yIKg0IkojN_Q5CgBn6sRE_A0cPmQjKUMOYqL39SB8CIoSQvdooy-X_fGMSEoWdv2L1qPzHqGRq6rAhgRJsGd_mePNnOLUoHtu1UhuHQrJH587IsWf9-S6B9gkG5LCQmQezdQRdQreBxWSlR1kV5W4mFNmyStHtIXIjN0zYvoPOZ33ma1_bWch4uhX_fIpDros91LXHxgwd-hBlyVhf_BU9moAF1-gCOBdPZ5Z4jDStxl-3Xk-GStkUeJ4spm2IcVM1uYrjETJfOVhxeaGC22iEathf6gZtosrQIwRlEL7ScBYgZA12kxRO8Z-B2yTHc00KoQj-POMHTIqAXdvDwOply-h4du_XUxYhWxg04Zui4flKBUO_7gmdfV4MoCagodLEzDunkKTyPVUUyjb_yDMYWK1u7fuu-aSgus-QUpe6GO3ANFIEYgNQvKQPb1YyH84Eh3lKbTrdinIMzzfPcgIvB2oir40k-FoTIl3f8iFj87XfZWd5ZoCyZtnt5mAdCXsIp-YIJhG95EV_mPzv9KtML3w1hshtoGSsIUzNRJYaz6B2VBfhBlZvu7UkPL539dh13auPqcFhKj-DXpI9_Qhj3WEarle4F9fFCKVF3syAM_A8VhwXhISOfwAaXZYotxg5hgVBfbiCRk_6djK-hcyxB_-E5_vDN8bCDNxUyL2rLs_lhqv391Ns8G5sniC5Lr-abgkimtykpGG9fLheEgVI8t1z65uyOV7lCjN538E250LFtTz6RuJaHBxqwouVrr-8MVZPlO90cF6JkFt4q_EaDRjrL4UO9YIJmzcs8Y1vQYFmZQGuu3P_TalPvGfekRWgxddTTYugsEKTYPGOP9o8Y1FGLRjN-y70O4T_B4k0ma3TphQBxPp5Or00GsXXQPZTFkOCr5FdbOYBrhHj3Iqt-oeIsmUHbW9uy2OdgYWIJsut-SQllzFRyPorM4i_uIxeVok9YVFZi6O2kRKoObWYPQPsJNFbzOmcB3EU6PUaXh12Y8vVME3gDExsYofK3e4nFM9WOioyf2jB8zWRxWyZH8cv1VysVmM2Kq8btiQi8E3LsTHpQTG54VpQ3RcewSQMs5KDaXY85bbxQaQo9kTWugnTZGukfzR3Z4qt82mO6dafOW0SMZHyG1n9_bd_qK97bPTpJOYTy1OjLOHBANaUF0ml3jscXCt1t99B2BN8f0CWpbRYbrJamoNO-b-Sjd4K3QN515L_BiIFjoHDXda80bW4jBU_5fAlM1RylINBxeU8kfEPjX3G11uxf1K94hm4Ykiby9aEwhfu9PEgGAgcl_tFRi0-miqNxxmxo0B0w6SH5FG0ENkNnVrVmlz1wla1iOtW-4vn1fDErvnZYyn9Ki81QXXGfn3IvnWyA5cdI0PaXsmgnYz5IpjDwCuE64iORCcOX6GoqTT05zj0FwTCgt5QrNTZdZFCBsDUMrzb2lcFE0U_WhVWUckUj3Z7YdefuvSlgCY4VWGKq94eY5eJ2SHogQDDyWaMMRQLzgPrmK1uuJ8WwAqYg-QQcNIftv2-NJuQHI9zmjQbIYa5cv_X_l1MKzPrQ1icsq1cgYNIhXdUSMSXsi3drr_R5hCxpEdpxhdLZ1OJUpUl6Dhh16OrxI7P5klKoy9iSE_mPCkEcr0BRHLewy4UgraSxEQP-2s0ecCkYjglC3gZbZurZj_smYhbUv_bhnhlKCtb5RAadxqOjqMFUMkvTgLNWSvvinEnsJT87I3JiDUNUPrw0s9Ja5vYSJPMS-bor9C44gcOrqEmdRlc7C7bOwXPMCz6BYtyOzlLOvr392wbzDw6GpKab8kPouyMlseqCaLXjYpWaIhYquaXK0TkvzgK0hRBnfAkG6OVXMXk1SsqfRX-J5LGTN_j51kwRkymaqTxBuDalPGgOGjLZpYJZ_A5FVaQunWAUB1qGHOGyLg0FPulrFSgSjeAhx5GZSp-CgEjVC8RcYA7eLJctEQNmN6JGCqvJxPBgQM7scLGhcNNUFA1OVLQwVOygwwLzBX4pVvXmvG1IErULLb7hfEagPT1ljjgIhveeDKP24brrsa2GLaWvrsaOFhxyRIU2YPxUhz7-MLIZkN6qlURSyI9rGMzyXOjBf2UTOebKQ_9gExtzKr3lr06AwkO_CT_6Xv5OEkQv31leEJj8PLZ_BTR-cL2RdedqyYrNfvQaiSQ8A8AjNgUj2k9XDHQ0ybYxoVoAI-klr-rlYi91kcJ5Jo26Jl1Gb7TkeEdd6wpzzEi241inkRwtZV0jvCppFwKHy1mLCuYBKzKPKbKNJwgdQ6BhWvEcC3T1ILyCKKdATbNP13ISUSqksXvuPEOn6riYidzpkBp7MBAZle-zn6WhX7_3Ikh1f_GcJ3WiecvEXJOIv67E9cVsG7x2evt9yWdSHUVtVn6LXKzxEkbGBHOKmY6D5dP76HOOvtff9H91SMX3lWt-9IOPFkQ_Tz1E810vmQQnewFNrx0gMq5P8sDceENDapcm-hNayD00rkuYmYNcGkdmsnSgBzWyK6xo0E8NVpkSmxGZV5Ctb1G0pFG_s1bvf_uuNCOzu_8l5YS63fsdcxtD3bU0OgAXLQCnmIPfjZ_liuH4u9VOxLbezZG05U8iDkDf538fqNa2GOL0Tm683SbVuXhYs4XwHgREi4wIrB-I325jL4Ni0H6WeyVws7xd3K6zObgn0Ui3YTv8bXf_DKgSv-3of3nbYpEfhOedhHbQDVrV59YN8fb2lhQA&cid=CAQSPAAvHhf_iRay-Hk5IvXtAJoyDT1ZJuxfvJmIcf8BbMtQ-mhOuUMEjBFB7aPBGbOKeHvWwsWamGt4aNyh1xgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.theatreinchicago.com%2F&ds=l&xdt=1&iif=1&cor=6202049104245645000&adk=929882888&idt=302&cac=0&dtd=10

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b077702c377419771a3cf67ccdd335f645802510dfe0f7084d75b16bde5bc91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6753 13 KB
5 KB 51ms
51ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theatreinchicago.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 11014
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 13:10:24 GMT
expires: Tue, 28 Jan 2025 13:10:24 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2233 829 B
559 B 60ms
60ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

690c1cdc3908a99cacc2877843aa77fb9550d2d9c5f112e7bf9a2f41964d05b1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-G8G8hgdVKMdbOKKm95rAuw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.theatreinchicago.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-G8G8hgdVKMdbOKKm95rAuw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 16:13:58 GMT
expires: Mon, 29 Jan 2024 16:13:58 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 container.html Show response
40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7A74 6 KB
3 KB 52ms
52ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theatreinchicago.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 16:13:57 GMT
expires: Tue, 28 Jan 2025 16:13:57 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 6753 39 KB
15 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 09:45:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23289
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Jan 2025 09:45:49 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2233 0
0 258ms
258ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401230101&jk=2633222901932391&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame B012 41 KB
14 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DL7qtLh0eZPhz1d_XOXqEeb0G0vP7bsE-0ey1ncaO2ngFl-oz4Q8NevPzDOIMnTKBTR9dYbOJDMYwLS4LXsQCzvuQonza4hzfmOh_RWY-No5leKpoRXM-pmbaVF1vCpBJZzxx5fLZOZYNSx12TaOD45VSG4zJ_nPbR3J2KZFdvvsX60Eo&cry=1&dbm_d=AKAmf-DGZEZiq03TbJ2u0SsHV5KZPqC6AmZZBH-CApB1CtAgcSB55CWLUxWeyeeE075igeKqjhTSaikOJzec-AAFSAHZqA2RCTYsHxUpeBJUSY14gcVBQ-hRfOrrIPtlrLekCw_EsS09D57e_nMpZkd4FQ91E51n6-Dm9y-CNewEmIXqYddDblico5Sg9_Ls0CK72AA7b_iLeyuxmS3861jrFC3ry0Ygy73sfkz3fe_YHK8clUus3WdEDoXGag3WqcMGy_vsmfg2ydEASpy-6GHOpINvGcrCGNgDmbEqgY5KHrfazohQLbeaJFRuTuCJxrESV_o_Fm6vFIzRnupHb28TEZc-D4vl56g16z2cajjrLMO1PV9jFv3m22sAeW8zMqWlY2C7sSCTYeLlOcYdxGfvDMIRfjw2K0v4TjdkYHL5I57yIKg0IkojN_Q5CgBn6sRE_A0cPmQjKUMOYqL39SB8CIoSQvdooy-X_fGMSEoWdv2L1qPzHqGRq6rAhgRJsGd_mePNnOLUoHtu1UhuHQrJH587IsWf9-S6B9gkG5LCQmQezdQRdQreBxWSlR1kV5W4mFNmyStHtIXIjN0zYvoPOZ33ma1_bWch4uhX_fIpDros91LXHxgwd-hBlyVhf_BU9moAF1-gCOBdPZ5Z4jDStxl-3Xk-GStkUeJ4spm2IcVM1uYrjETJfOVhxeaGC22iEathf6gZtosrQIwRlEL7ScBYgZA12kxRO8Z-B2yTHc00KoQj-POMHTIqAXdvDwOply-h4du_XUxYhWxg04Zui4flKBUO_7gmdfV4MoCagodLEzDunkKTyPVUUyjb_yDMYWK1u7fuu-aSgus-QUpe6GO3ANFIEYgNQvKQPb1YyH84Eh3lKbTrdinIMzzfPcgIvB2oir40k-FoTIl3f8iFj87XfZWd5ZoCyZtnt5mAdCXsIp-YIJhG95EV_mPzv9KtML3w1hshtoGSsIUzNRJYaz6B2VBfhBlZvu7UkPL539dh13auPqcFhKj-DXpI9_Qhj3WEarle4F9fFCKVF3syAM_A8VhwXhISOfwAaXZYotxg5hgVBfbiCRk_6djK-hcyxB_-E5_vDN8bCDNxUyL2rLs_lhqv391Ns8G5sniC5Lr-abgkimtykpGG9fLheEgVI8t1z65uyOV7lCjN538E250LFtTz6RuJaHBxqwouVrr-8MVZPlO90cF6JkFt4q_EaDRjrL4UO9YIJmzcs8Y1vQYFmZQGuu3P_TalPvGfekRWgxddTTYugsEKTYPGOP9o8Y1FGLRjN-y70O4T_B4k0ma3TphQBxPp5Or00GsXXQPZTFkOCr5FdbOYBrhHj3Iqt-oeIsmUHbW9uy2OdgYWIJsut-SQllzFRyPorM4i_uIxeVok9YVFZi6O2kRKoObWYPQPsJNFbzOmcB3EU6PUaXh12Y8vVME3gDExsYofK3e4nFM9WOioyf2jB8zWRxWyZH8cv1VysVmM2Kq8btiQi8E3LsTHpQTG54VpQ3RcewSQMs5KDaXY85bbxQaQo9kTWugnTZGukfzR3Z4qt82mO6dafOW0SMZHyG1n9_bd_qK97bPTpJOYTy1OjLOHBANaUF0ml3jscXCt1t99B2BN8f0CWpbRYbrJamoNO-b-Sjd4K3QN515L_BiIFjoHDXda80bW4jBU_5fAlM1RylINBxeU8kfEPjX3G11uxf1K94hm4Ykiby9aEwhfu9PEgGAgcl_tFRi0-miqNxxmxo0B0w6SH5FG0ENkNnVrVmlz1wla1iOtW-4vn1fDErvnZYyn9Ki81QXXGfn3IvnWyA5cdI0PaXsmgnYz5IpjDwCuE64iORCcOX6GoqTT05zj0FwTCgt5QrNTZdZFCBsDUMrzb2lcFE0U_WhVWUckUj3Z7YdefuvSlgCY4VWGKq94eY5eJ2SHogQDDyWaMMRQLzgPrmK1uuJ8WwAqYg-QQcNIftv2-NJuQHI9zmjQbIYa5cv_X_l1MKzPrQ1icsq1cgYNIhXdUSMSXsi3drr_R5hCxpEdpxhdLZ1OJUpUl6Dhh16OrxI7P5klKoy9iSE_mPCkEcr0BRHLewy4UgraSxEQP-2s0ecCkYjglC3gZbZurZj_smYhbUv_bhnhlKCtb5RAadxqOjqMFUMkvTgLNWSvvinEnsJT87I3JiDUNUPrw0s9Ja5vYSJPMS-bor9C44gcOrqEmdRlc7C7bOwXPMCz6BYtyOzlLOvr392wbzDw6GpKab8kPouyMlseqCaLXjYpWaIhYquaXK0TkvzgK0hRBnfAkG6OVXMXk1SsqfRX-J5LGTN_j51kwRkymaqTxBuDalPGgOGjLZpYJZ_A5FVaQunWAUB1qGHOGyLg0FPulrFSgSjeAhx5GZSp-CgEjVC8RcYA7eLJctEQNmN6JGCqvJxPBgQM7scLGhcNNUFA1OVLQwVOygwwLzBX4pVvXmvG1IErULLb7hfEagPT1ljjgIhveeDKP24brrsa2GLaWvrsaOFhxyRIU2YPxUhz7-MLIZkN6qlURSyI9rGMzyXOjBf2UTOebKQ_9gExtzKr3lr06AwkO_CT_6Xv5OEkQv31leEJj8PLZ_BTR-cL2RdedqyYrNfvQaiSQ8A8AjNgUj2k9XDHQ0ybYxoVoAI-klr-rlYi91kcJ5Jo26Jl1Gb7TkeEdd6wpzzEi241inkRwtZV0jvCppFwKHy1mLCuYBKzKPKbKNJwgdQ6BhWvEcC3T1ILyCKKdATbNP13ISUSqksXvuPEOn6riYidzpkBp7MBAZle-zn6WhX7_3Ikh1f_GcJ3WiecvEXJOIv67E9cVsG7x2evt9yWdSHUVtVn6LXKzxEkbGBHOKmY6D5dP76HOOvtff9H91SMX3lWt-9IOPFkQ_Tz1E810vmQQnewFNrx0gMq5P8sDceENDapcm-hNayD00rkuYmYNcGkdmsnSgBzWyK6xo0E8NVpkSmxGZV5Ctb1G0pFG_s1bvf_uuNCOzu_8l5YS63fsdcxtD3bU0OgAXLQCnmIPfjZ_liuH4u9VOxLbezZG05U8iDkDf538fqNa2GOL0Tm683SbVuXhYs4XwHgREi4wIrB-I325jL4Ni0H6WeyVws7xd3K6zObgn0Ui3YTv8bXf_DKgSv-3of3nbYpEfhOedhHbQDVrV59YN8fb2lhQA&cid=CAQSPAAvHhf_iRay-Hk5IvXtAJoyDT1ZJuxfvJmIcf8BbMtQ-mhOuUMEjBFB7aPBGbOKeHvWwsWamGt4aNyh1xgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.theatreinchicago.com%2F&ds=l&xdt=1&iif=1&cor=6202049104245645000&adk=929882888&idt=302&cac=0&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 11:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 361181
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jan 2025 11:54:17 GMT

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame B012
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1893484/77291975/xbbe/creative/adj?p=APEucNWTiEdmNpiJx5fclKXwlFBb3gXpsrwRHH5uog8aSms2zJdh4Wo&d=CpkBAKAmf-CMRm6V5b5q4tPY824nAg4-CmIJFWubiAc6YtLeBWwcUY12sK2kr9B...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWTiEdmNpiJx5fclKXwlFBb3gXpsrwRHH5uog8aSms2zJdh4Wo&d=CpkBAKAmf-CMRm6V5b5q4tPY824nAg4-CmIJFWubiAc6YtLeBWwcUY12sK2kr9Bpa6L3dZLuKPOPaxD3AvwvzOQW6...

73 KB
26 KB

84ms
42ms

Script
text/javascript

173.194.76.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWTiEdmNpiJx5fclKXwlFBb3gXpsrwRHH5uog8aSms2zJdh4Wo&d=CpkBAKAmf-CMRm6V5b5q4tPY824nAg4-CmIJFWubiAc6YtLeBWwcUY12sK2kr9Bpa6L3dZLuKPOPaxD3AvwvzOQW6DJZ_hZLd3X7kjK8jZb280AKVlmOggLrwIf-8OfntwzyLYA_ytvOXBGyEMOzgHBdWW0kdaaM9AqSoW5X1WoPLOqZCU_eg-EOUlr8StWuUrK41d5HbdDngTF-EukVAKAmf-C3JaexH3GNLLH-sVRnyak64G_QgSo6Xyhf1eMY2Eq1fnOwOD1PoXuQUfervWKc-BqZn_ctQEcKOALtcKamIcDsUXKpSyvw9Hmtcw9SnDwX076K_0xkU2UQ43RPaFnJcc7GeQhjOalUizlydS6JLXmaMtGI8hl_jnPQsBMUSMwySAUoZL15uKrOkhFU60mv_MzCx8LMDHLAYquFpjYkTLuOTLbQfqVFQSfT9ZTWbgSbNjdEbClgWM1rZfCOJJHff99C7ssikT3vYeMBuFLoONC8-XahV00vUNZSSQCDCTGNmBpi-Uvnv1FCpBXjZfeyTIDLkgylvh1Ksd62KDAMYBS4pE8IdAj9UkeSovSn6mMpmDd236__0N9SNV3IU0OFMQUr9fPeLXIdOeyMTjHuPfqQYhp2BhgidiMlhMDc7hUHGt92NDsuxfXG2MF596DsDysKHhNk5-bPLehu7EzHd97p9neGLJg_rwBFzdkDzkmc1BGO--UERBCi7CiKkU4cEOIwR0_oQ81iRDS2F91vrqIQrEUKVcly4Q_SoAc4uGXLkDQxmN5niOT4c3v0jEbjB7zmNsN3ppzfGS77qo1w3V5uHMUHHpM7emp70hqpHH-0cwHSib9R4dr5IDEMQ5UtPBmZunGBRP5MRsHk2R6QcyEWSHE6-Ftc-JQM6ts6gR4yiWhsW1wQMd29prA_zXAfb5lWXG3rL6yGhL87RYcHZJkkWNKcqAPx4xUMCGYf28VBU8bTZubc7PnYe1sddcXz65goG6np6qwyQiSMfyFY6E9pH5xTR1d_BRme8iWOm5XpZzQzorZXKq7wXAvdbDz1xjhHH83ld6FSqTCbnr7iH2ZBOTV6vz2u-pef6Sf9zMZy6e40xaLssDyZWk5vnT0QAJLyb04gL4Pv4pqXxOoqEkQ2ep5PC7R2yuIWHvYYfacN26jnCQFEtSJ387vW2FhR7TfVNTN7enG6axzm9VCYQh2fxx7z2OTcy4d8TRVlDVSOnFlFny7nj334zX9Jxw2vtH34zYOost45P87sgyFxXSOwYp7bQuX8vfCbydEn8vTrF6XfApQ0Q8T4rNbzuvLn_540s01yBhjtX4oA5RUh4ryhgKCetUyrNYWTrm_DY3JJQonnkfDb9jGHiecWs_-P2kWYg_N99_IzX21Zfx-Nl8-7Mzk5l6ftQ-9sHtqhrkIw5BUh3GRwBhOxDchW2pJlJWLrMJAjltZIZS6T65jSPkM1ZQoE5TTWtmk-MaKhxTQFaSbAlbNsJ8E9T_0VmkxY04XUJ1kYpJT-XRT8wwogo1-26Yn4sQ8QHIhc8mR2MERVpiCi84ZXGYmMxB9mlrCw8eq80TqmJa4GqbObHOvOuweaIH6hf5JFGBx_ycJUuZMBVy5rOO0IVHmth12-Rj_BKqdBtPnjFY5-bIhFZFNY0wp8-jeUOgvkKno-YcolHkpKXkv0dn6vDemDgK690nremUheeLWKwvaBs3y40j6U1zBtygc7eXxvCelre4BP2X542gvE4C9wpRxCtiYdQmW2vZ1WQxBRdRfKG4bNabaHrfJf3CWC4or8FafeG7Z_f5NPjxe3cNqvwfJgxRAtTKj7mnznEftyyFQr8OGY3aScyhSkyCB-gMpPD49cMF2i5gCo-Z3SHXXI__f09rFLKFR3S1YpqbacMtD4i08InAUb7ua3WFdQQJMaxfMjZsOistMUl6jUOcNJXEHBSONOMBcSA40XfoUmASGgdm1jBsDamLBkcMAtJENZ42KLbri8AXMQjVJhVYnB8LHkKylv42_zKPCUACcKycEwjJv12TYlN5eDZLxjcfw4o4ndUnQBWZReBh5V3g_63VM3i5VcA0siIulQwaC-GQTVMlnJ6ZgN9w-OvHmtbojfovdN9NOxeGzUdw5XAU_bEaywyI9l1wcNNwZ56ZkTHYYOdjw99BwzLslQLDEI8Io7mUIBg4Bi04FaCok7GD5t8y2OAWt65B2QR--8NTuECp9F34gjkNRznIR4321NVWBCMs4Vj6EmaINQ2A_KjuM8aREBVkkd8Fe40xmTJQNvost176eRdMC4P-25vpi0aqNeBBOpgN4pGxCLXk4BNb-EOaB8nYIIWnFZFKerpUgUYKFvqyFXQavIBlJfAH3j6UO3wAIDh1F7EVQjt8zZHaa7HzJrepBFGHDPk2TOMTJjWmQyvV5-SsFci7A0w01MkEGm-ch1XLz4vDhC4RIK35zZe0Uz1FXux3mqJvjbhhICinQrHVQv7MUO3nIkhznNPzYzLu1AbSPxo8A8zaof5U2i8N3GFvRctljc4Q9lmpX5M9hs6nPQh0J5RjLtACenNdkVTIjXKcNPPP8SlCY_Zu55hbsycmgwIW6sEKxxjQTRtA7TGokB8uq-kzi9SEsb5zVPB4qNZ51o60Ru9rUZ8BmoUpm0iBLcGf6ifEoSXzY0csPKLKoDQnfUsbuANKHDMos2dax0-iVpHLRIaj-GLqtSkTuddhFH4VuHBFr0iFPEi8C7WgIGrDX3Tvqx3SBw6yGWH2cku1fqDAc0DIstAiUPqMHMhtqZ-dWOJqfW-Bij5sh1nknacoKUoZN2IzKTXavOIXf9YNh6pfHhwLdcbqAv97BM3l6M9qdCYZDDeWlw72q1PsMFTbXv-aZo8LTIvXb6aEYrQaBHv32ibikgSc2B8PgOgBeAgHzAFuXeQRxgswpEzA3kWFonbUXZJ9Ag-htjWRkRMceDYGabdiSS2xxa0a67cjTAJfVs79x3DY7IpEobyyoxTe36nnmKPHHS9-2x0ahLsbcqmzvYLxjxRpD3Sw0lthZ-VG1fECSeCbSmqf_z3TOaijr12_Jgkzqk3-8uZw-RvjTKDUzWtgpO4BSJWXYoJmGXkWKhxKaEHPAHFkIE7wN0yx9HryElI73gWKMdN39TJxcZHJ3Jb_01ZSuxi1Y-3iAfh7XD8j4Sg1doyDoq74Iu7E2JX--3oHXEf4Cnz1LnhvKifmph-ffdFWnUjq0eZ0UJY82u-ngt0nUmvRqSQ2PtXGAptSRGz_Jz_8XFyu5b0ELFwiw4FOSS7LqjDtVlfYiBbuSEvdFVRoAc7wGjtFTN8WFyTB7i2XmPs7OV02Rb4ZwanwoKqjkKbitNFY1QpcWQhmcv4nqlo27BQxk0BLWfP05CvWj1mAj6OSSwRBOCJBdy_uGKrw431SFdOyXflvbUrrhrGjcBmcagLzcijwmOpHtm2Q8Q2QzuedBARYDFGvHDLdU4M0FW8uIkQOsuj9xEBEW-xhKdHtY3i7lQ0HaKqFM83ed6BAoziwZ51CMF_L3MBnncoESjtauE3dv4uMtI4-Uw-yH6a8JXKpdTHvjMKVCNOuxlan3JVk2GWmoT7QNHNt0YzDT-3cpzhyaQM20Q-yw-et2qUYy5Q2pK4PTfII9xsY2N1ZrTvcchoq24xsmxoyFZZQWxTTqdRPvD_7MHz83_hfA9ydxLSJOWWGCZAk_uST21ZlIl8fk5nGQxVOqnxKwpvf9kgHKWIcyJfWdBySI1273LOHxiomzJ7yWhVbgqF95udtSGsp51d8lOhNE1422nVSgBGJ2K-aSh_rJXONYaugO3jealn_tpd6ckMj3izwMT7cOwqjBSvWmTFVwS7xFstkvmN3T_WIm1H6PTybNyIxEe6ZkxQ0S3cq7jLmcfWry4UwxRkmNqbUGZVH9cP57ZSF-Jatbp782mOEqkN5qzF5EbcnH_GkIIBBI8AC8eF_-JFrL4eTki9e0AmjINPVkm7F-8mYhx_wFsy1D6aE65QwSMEUHto8EZs4p4e9bCxZqYa3ho3KHXGAFgAQ&cry=1

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

173.194.76.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f156.1e100.net

Software

cafe /

Resource Hash

019b4a1fa52be349c3557c5404604f5510c0907722f77f59d3d61c1b940530e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25859
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: nginx
x-server-name: app10.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWTiEdmNpiJx5fclKXwlFBb3gXpsrwRHH5uog8aSms2zJdh4Wo&d=CpkBAKAmf-CMRm6V5b5q4tPY824nAg4-CmIJFWubiAc6YtLeBWwcUY12sK2kr9Bpa6L3dZLuKPOPaxD3AvwvzOQW6DJZ_hZLd3X7kjK8jZb280AKVlmOggLrwIf-8OfntwzyLYA_ytvOXBGyEMOzgHBdWW0kdaaM9AqSoW5X1WoPLOqZCU_eg-EOUlr8StWuUrK41d5HbdDngTF-EukVAKAmf-C3JaexH3GNLLH-sVRnyak64G_QgSo6Xyhf1eMY2Eq1fnOwOD1PoXuQUfervWKc-BqZn_ctQEcKOALtcKamIcDsUXKpSyvw9Hmtcw9SnDwX076K_0xkU2UQ43RPaFnJcc7GeQhjOalUizlydS6JLXmaMtGI8hl_jnPQsBMUSMwySAUoZL15uKrOkhFU60mv_MzCx8LMDHLAYquFpjYkTLuOTLbQfqVFQSfT9ZTWbgSbNjdEbClgWM1rZfCOJJHff99C7ssikT3vYeMBuFLoONC8-XahV00vUNZSSQCDCTGNmBpi-Uvnv1FCpBXjZfeyTIDLkgylvh1Ksd62KDAMYBS4pE8IdAj9UkeSovSn6mMpmDd236__0N9SNV3IU0OFMQUr9fPeLXIdOeyMTjHuPfqQYhp2BhgidiMlhMDc7hUHGt92NDsuxfXG2MF596DsDysKHhNk5-bPLehu7EzHd97p9neGLJg_rwBFzdkDzkmc1BGO--UERBCi7CiKkU4cEOIwR0_oQ81iRDS2F91vrqIQrEUKVcly4Q_SoAc4uGXLkDQxmN5niOT4c3v0jEbjB7zmNsN3ppzfGS77qo1w3V5uHMUHHpM7emp70hqpHH-0cwHSib9R4dr5IDEMQ5UtPBmZunGBRP5MRsHk2R6QcyEWSHE6-Ftc-JQM6ts6gR4yiWhsW1wQMd29prA_zXAfb5lWXG3rL6yGhL87RYcHZJkkWNKcqAPx4xUMCGYf28VBU8bTZubc7PnYe1sddcXz65goG6np6qwyQiSMfyFY6E9pH5xTR1d_BRme8iWOm5XpZzQzorZXKq7wXAvdbDz1xjhHH83ld6FSqTCbnr7iH2ZBOTV6vz2u-pef6Sf9zMZy6e40xaLssDyZWk5vnT0QAJLyb04gL4Pv4pqXxOoqEkQ2ep5PC7R2yuIWHvYYfacN26jnCQFEtSJ387vW2FhR7TfVNTN7enG6axzm9VCYQh2fxx7z2OTcy4d8TRVlDVSOnFlFny7nj334zX9Jxw2vtH34zYOost45P87sgyFxXSOwYp7bQuX8vfCbydEn8vTrF6XfApQ0Q8T4rNbzuvLn_540s01yBhjtX4oA5RUh4ryhgKCetUyrNYWTrm_DY3JJQonnkfDb9jGHiecWs_-P2kWYg_N99_IzX21Zfx-Nl8-7Mzk5l6ftQ-9sHtqhrkIw5BUh3GRwBhOxDchW2pJlJWLrMJAjltZIZS6T65jSPkM1ZQoE5TTWtmk-MaKhxTQFaSbAlbNsJ8E9T_0VmkxY04XUJ1kYpJT-XRT8wwogo1-26Yn4sQ8QHIhc8mR2MERVpiCi84ZXGYmMxB9mlrCw8eq80TqmJa4GqbObHOvOuweaIH6hf5JFGBx_ycJUuZMBVy5rOO0IVHmth12-Rj_BKqdBtPnjFY5-bIhFZFNY0wp8-jeUOgvkKno-YcolHkpKXkv0dn6vDemDgK690nremUheeLWKwvaBs3y40j6U1zBtygc7eXxvCelre4BP2X542gvE4C9wpRxCtiYdQmW2vZ1WQxBRdRfKG4bNabaHrfJf3CWC4or8FafeG7Z_f5NPjxe3cNqvwfJgxRAtTKj7mnznEftyyFQr8OGY3aScyhSkyCB-gMpPD49cMF2i5gCo-Z3SHXXI__f09rFLKFR3S1YpqbacMtD4i08InAUb7ua3WFdQQJMaxfMjZsOistMUl6jUOcNJXEHBSONOMBcSA40XfoUmASGgdm1jBsDamLBkcMAtJENZ42KLbri8AXMQjVJhVYnB8LHkKylv42_zKPCUACcKycEwjJv12TYlN5eDZLxjcfw4o4ndUnQBWZReBh5V3g_63VM3i5VcA0siIulQwaC-GQTVMlnJ6ZgN9w-OvHmtbojfovdN9NOxeGzUdw5XAU_bEaywyI9l1wcNNwZ56ZkTHYYOdjw99BwzLslQLDEI8Io7mUIBg4Bi04FaCok7GD5t8y2OAWt65B2QR--8NTuECp9F34gjkNRznIR4321NVWBCMs4Vj6EmaINQ2A_KjuM8aREBVkkd8Fe40xmTJQNvost176eRdMC4P-25vpi0aqNeBBOpgN4pGxCLXk4BNb-EOaB8nYIIWnFZFKerpUgUYKFvqyFXQavIBlJfAH3j6UO3wAIDh1F7EVQjt8zZHaa7HzJrepBFGHDPk2TOMTJjWmQyvV5-SsFci7A0w01MkEGm-ch1XLz4vDhC4RIK35zZe0Uz1FXux3mqJvjbhhICinQrHVQv7MUO3nIkhznNPzYzLu1AbSPxo8A8zaof5U2i8N3GFvRctljc4Q9lmpX5M9hs6nPQh0J5RjLtACenNdkVTIjXKcNPPP8SlCY_Zu55hbsycmgwIW6sEKxxjQTRtA7TGokB8uq-kzi9SEsb5zVPB4qNZ51o60Ru9rUZ8BmoUpm0iBLcGf6ifEoSXzY0csPKLKoDQnfUsbuANKHDMos2dax0-iVpHLRIaj-GLqtSkTuddhFH4VuHBFr0iFPEi8C7WgIGrDX3Tvqx3SBw6yGWH2cku1fqDAc0DIstAiUPqMHMhtqZ-dWOJqfW-Bij5sh1nknacoKUoZN2IzKTXavOIXf9YNh6pfHhwLdcbqAv97BM3l6M9qdCYZDDeWlw72q1PsMFTbXv-aZo8LTIvXb6aEYrQaBHv32ibikgSc2B8PgOgBeAgHzAFuXeQRxgswpEzA3kWFonbUXZJ9Ag-htjWRkRMceDYGabdiSS2xxa0a67cjTAJfVs79x3DY7IpEobyyoxTe36nnmKPHHS9-2x0ahLsbcqmzvYLxjxRpD3Sw0lthZ-VG1fECSeCbSmqf_z3TOaijr12_Jgkzqk3-8uZw-RvjTKDUzWtgpO4BSJWXYoJmGXkWKhxKaEHPAHFkIE7wN0yx9HryElI73gWKMdN39TJxcZHJ3Jb_01ZSuxi1Y-3iAfh7XD8j4Sg1doyDoq74Iu7E2JX--3oHXEf4Cnz1LnhvKifmph-ffdFWnUjq0eZ0UJY82u-ngt0nUmvRqSQ2PtXGAptSRGz_Jz_8XFyu5b0ELFwiw4FOSS7LqjDtVlfYiBbuSEvdFVRoAc7wGjtFTN8WFyTB7i2XmPs7OV02Rb4ZwanwoKqjkKbitNFY1QpcWQhmcv4nqlo27BQxk0BLWfP05CvWj1mAj6OSSwRBOCJBdy_uGKrw431SFdOyXflvbUrrhrGjcBmcagLzcijwmOpHtm2Q8Q2QzuedBARYDFGvHDLdU4M0FW8uIkQOsuj9xEBEW-xhKdHtY3i7lQ0HaKqFM83ed6BAoziwZ51CMF_L3MBnncoESjtauE3dv4uMtI4-Uw-yH6a8JXKpdTHvjMKVCNOuxlan3JVk2GWmoT7QNHNt0YzDT-3cpzhyaQM20Q-yw-et2qUYy5Q2pK4PTfII9xsY2N1ZrTvcchoq24xsmxoyFZZQWxTTqdRPvD_7MHz83_hfA9ydxLSJOWWGCZAk_uST21ZlIl8fk5nGQxVOqnxKwpvf9kgHKWIcyJfWdBySI1273LOHxiomzJ7yWhVbgqF95udtSGsp51d8lOhNE1422nVSgBGJ2K-aSh_rJXONYaugO3jealn_tpd6ckMj3izwMT7cOwqjBSvWmTFVwS7xFstkvmN3T_WIm1H6PTybNyIxEe6ZkxQ0S3cq7jLmcfWry4UwxRkmNqbUGZVH9cP57ZSF-Jatbp782mOEqkN5qzF5EbcnH_GkIIBBI8AC8eF_-JFrL4eTki9e0AmjINPVkm7F-8mYhx_wFsy1D6aE65QwSMEUHto8EZs4p4e9bCxZqYa3ho3KHXGAFgAQ&cry=1
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 8BCF 91 KB
92 KB 80ms
15ms Script
application/javascript 2600:9000:26da:800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26da:800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 20:43:31 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
via: 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P4
age: 15967828
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 93606
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: "1f3488247c90bb5de253d3d0cb3b7458"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: EZWu1yZ96Ftq2KC758caqrbR1F_ZTe6AhQ2gA0WaXg8N8U4wVqrpFA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B012 43 B
215 B 324ms
106ms Image
image/gif 2600:1f18:1aca:4281:7fa5:c934:6539:afca
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1893484&asId=cc6f83e7-81f9-60ab-10ee-a086f61ffb9c&tv=%7Bc:2HV1te,pingTime:-3,time:46,type:v,im:%7BpBlk:40%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:120,h:600,t:19%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:46,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B39~0%5D,as:%5B39~120.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u2LKe8G+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191*.1893484-77291975%7C1911%7C1a%7C1b%7C1c,idMap:191*,rmeas:1,rend:0,renddet:IMG.us,siq:20%7D&br=c
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:7fa5:c934:6539:afca Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B012 43 B
216 B 319ms
102ms Image
image/gif 2600:1f18:1aca:4281:7fa5:c934:6539:afca
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1893484&asId=cc6f83e7-81f9-60ab-10ee-a086f61ffb9c&tv=%7Bc:2HV1te,pingTime:-6,time:46,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:46,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B39~0%5D,as:%5B39~120.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u2LKe8G+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191*.1893484-77291975%7C1911%7C1a%7C1b%7C1c,idMap:191*,rmeas:1,rend:0,renddet:IMG.us,siq:20%7D&tpiLookup=ao:www.theatreinchicago.com*%2C40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com*&br=c
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:7fa5:c934:6539:afca Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: nginx
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7B39 624 B
242 B 108ms
108ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUv7r7ZtdQzckg6oz5DM3qZzPBNjboE4Td6JPGZIvs6PCmjnSle5_4cc8L_p29H0S5uyIfe1Pjbu_YbJP3i-barwx47TiJix6-Q9sBTCfc8z3snJUmXyATA9Faawviz7TdgcnLxY5N_6J_z89Cx1ejRs0518ptjlyjVuTQAkftB8nAbqqM

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 16:13:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7A74 89 KB
31 KB 95ms
95ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:58 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7A74 42 B
63 B 252ms
251ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AEi7-Z1Nm_4PSuAzdAV2Me5f9tUzEiKQ4yZgdhVj47cPmUd1Q5HncENYPyeo05Dnqgzw9j5hUE5aQNJbkZmPfj6Z9znPHgiagZs5J8ZTnHnVPB6V4

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 7A74 3 KB
1 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 21:06:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68873
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 21:06:05 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 7A74 20 KB
8 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 23:41:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59521
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Feb 2024 23:41:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7A74 0
0 59ms
59ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRPboclaVzN4zqD16uUr5QbuOouEZOfA7V0T-D4fZScj0pApq0hTECgT4FSlOEjlI2Euup1YJ-XPKjCAHMFgWF-cfS-Xw
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7A74 205 KB
65 KB 69ms
69ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66337
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1706100845105677"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Jan 2024 16:13:58 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B012 43 B
215 B 319ms
105ms Image
image/gif 2600:1f18:1aca:4281:7fa5:c934:6539:afca
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1893484&asId=cc6f83e7-81f9-60ab-10ee-a086f61ffb9c&tv=%7Bc:2HV1ti,pingTime:-2,time:50,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:411,beZ:413,mfA:416,cmA:417,inA:417,inZ:421,prA:421,prZ:426,si:431,poA:432,bl:451,poZ:452,cmZ:452,mfZ:452,loA:458,loZ:459,ltA:461,ltZ:461%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:120,h:600,t:19%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:50,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B43~0%5D,as:%5B43~120.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u2LKe8G+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191*.1893484-77291975%7C1911%7C1a%7C1b%7C1c,idMap:191*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:20,sinceFw:29,readyFired:false%7D&br=c
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:7fa5:c934:6539:afca Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame FA1D 38 KB
13 KB 52ms
51ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 361181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 25 Jan 2024 11:54:17 GMT
expires: Fri, 24 Jan 2025 11:54:17 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6753 0
10 B 54ms
53ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?5X6mOw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B012 43 B
215 B 250ms
104ms Image
image/gif 2600:1f18:1aca:4281:7fa5:c934:6539:afca
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1893484&asId=cc6f83e7-81f9-60ab-10ee-a086f61ffb9c&tv=%7Bc:2HV1uo,time:118,type:e,im:%7BpWait:8%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:118,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B111~0%5D,as:%5B111~120.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u2LKe8G+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191*.1893484-77291975%7C1911%7C1a%7C1b%7C1c,idMap:191*,rmeas:1,rend:0,renddet:IMG.us,siq:20%7D&br=c
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:7fa5:c934:6539:afca Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame FA1D 39 KB
15 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 09:45:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23289
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Jan 2025 09:45:49 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7B39
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKcY36_A2_ESgwHnQLBQRB0&google_cver=1

43 B
737 B

22ms
22ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKcY36_A2_ESgwHnQLBQRB0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUv7r7ZtdQzckg6oz5DM3qZzPBNjboE4Td6JPGZIvs6PCmjnSle5_4cc8L_p29H0S5uyIfe1Pjbu_YbJP3i-barwx47TiJix6-Q9sBTCfc8z3snJUmXyATA9Faawviz7TdgcnLxY5N_6J_z89Cx1ejRs0518ptjlyjVuTQAkftB8nAbqqM
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jLeXAhuiQNM71cB%2B3KdDX2aep0fc%2FyL28wGRR8NE3c%2B8ajGP1U9Ew53zEZbrL3LbzdOr3idXI5WAkx7fofjI%2B9CIQNkBXfHq8w1xKP8srPBM4pNsSbbGpiwHg%2F0zTkD%2Fu9crps%2FgZbikQA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84d2c3f979ef8ffb-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKcY36_A2_ESgwHnQLBQRB0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7B39
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZbfOxt3vq-fRbIvAfE1iPAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKcY36_A2_ESgwHnQLBQRB0&google_cver=1

43 B
735 B

20ms
20ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKcY36_A2_ESgwHnQLBQRB0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUv7r7ZtdQzckg6oz5DM3qZzPBNjboE4Td6JPGZIvs6PCmjnSle5_4cc8L_p29H0S5uyIfe1Pjbu_YbJP3i-barwx47TiJix6-Q9sBTCfc8z3snJUmXyATA9Faawviz7TdgcnLxY5N_6J_z89Cx1ejRs0518ptjlyjVuTQAkftB8nAbqqM
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HTyguDZx2if%2Bfs4%2Bx%2Bf028onM9v%2B9hvS4yj8CPDpshSxMMsho9EXp1n3wVpiZIE%2FaWI5Ymmc3k0txf9ku8IxT2VxjX97nyYEYxbqdvSXgEPAAh06TTilULYoVT8vYBi5aCFfc3%2Bm24fDvA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84d2c3f9aa1e8ffb-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKcY36_A2_ESgwHnQLBQRB0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 7B39
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELSe5MGUe8EWKEkFLAA2JlI&google_cver=1

43 B
1 KB

8ms
8ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELSe5MGUe8EWKEkFLAA2JlI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUv7r7ZtdQzckg6oz5DM3qZzPBNjboE4Td6JPGZIvs6PCmjnSle5_4cc8L_p29H0S5uyIfe1Pjbu_YbJP3i-barwx47TiJix6-Q9sBTCfc8z3snJUmXyATA9Faawviz7TdgcnLxY5N_6J_z89Cx1ejRs0518ptjlyjVuTQAkftB8nAbqqM

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
an-x-request-uuid: beaab0a7-30c1-47d9-9a14-d7136479eac2
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.131; 185.213.155.131; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELSe5MGUe8EWKEkFLAA2JlI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7B39
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MDgwMjU1NzgxNDIzMTY0MA%3D%3D

170 B
232 B

46ms
46ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MDgwMjU1NzgxNDIzMTY0MA%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
an-x-request-uuid: 233d4335-3312-4e68-9e9b-119c66eaeea8
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc3MDgwMjU1NzgxNDIzMTY0MA%3D%3D
x-proxy-origin: 185.213.155.131; 185.213.155.131; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame B012 111 KB
39 KB 205ms
56ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Origin: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 08:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27301
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Jan 2024 08:38:57 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/ Frame B012 12 KB
4 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1893484/77291975/xbbe/creative/adj?p=APEucNWTiEdmNpiJx5fclKXwlFBb3gXpsrwRHH5uog8aSms2zJdh4Wo&d=CpkBAKAmf-CMRm6V5b5q4tPY824nAg4-CmIJFWubiAc6YtLeBWwcUY12sK2kr9Bpa6L3dZLuKPOPaxD3AvwvzOQW6DJZ_hZLd3X7kjK8jZb280AKVlmOggLrwIf-8OfntwzyLYA_ytvOXBGyEMOzgHBdWW0kdaaM9AqSoW5X1WoPLOqZCU_eg-EOUlr8StWuUrK41d5HbdDngTF-EukVAKAmf-C3JaexH3GNLLH-sVRnyak64G_QgSo6Xyhf1eMY2Eq1fnOwOD1PoXuQUfervWKc-BqZn_ctQEcKOALtcKamIcDsUXKpSyvw9Hmtcw9SnDwX076K_0xkU2UQ43RPaFnJcc7GeQhjOalUizlydS6JLXmaMtGI8hl_jnPQsBMUSMwySAUoZL15uKrOkhFU60mv_MzCx8LMDHLAYquFpjYkTLuOTLbQfqVFQSfT9ZTWbgSbNjdEbClgWM1rZfCOJJHff99C7ssikT3vYeMBuFLoONC8-XahV00vUNZSSQCDCTGNmBpi-Uvnv1FCpBXjZfeyTIDLkgylvh1Ksd62KDAMYBS4pE8IdAj9UkeSovSn6mMpmDd236__0N9SNV3IU0OFMQUr9fPeLXIdOeyMTjHuPfqQYhp2BhgidiMlhMDc7hUHGt92NDsuxfXG2MF596DsDysKHhNk5-bPLehu7EzHd97p9neGLJg_rwBFzdkDzkmc1BGO--UERBCi7CiKkU4cEOIwR0_oQ81iRDS2F91vrqIQrEUKVcly4Q_SoAc4uGXLkDQxmN5niOT4c3v0jEbjB7zmNsN3ppzfGS77qo1w3V5uHMUHHpM7emp70hqpHH-0cwHSib9R4dr5IDEMQ5UtPBmZunGBRP5MRsHk2R6QcyEWSHE6-Ftc-JQM6ts6gR4yiWhsW1wQMd29prA_zXAfb5lWXG3rL6yGhL87RYcHZJkkWNKcqAPx4xUMCGYf28VBU8bTZubc7PnYe1sddcXz65goG6np6qwyQiSMfyFY6E9pH5xTR1d_BRme8iWOm5XpZzQzorZXKq7wXAvdbDz1xjhHH83ld6FSqTCbnr7iH2ZBOTV6vz2u-pef6Sf9zMZy6e40xaLssDyZWk5vnT0QAJLyb04gL4Pv4pqXxOoqEkQ2ep5PC7R2yuIWHvYYfacN26jnCQFEtSJ387vW2FhR7TfVNTN7enG6axzm9VCYQh2fxx7z2OTcy4d8TRVlDVSOnFlFny7nj334zX9Jxw2vtH34zYOost45P87sgyFxXSOwYp7bQuX8vfCbydEn8vTrF6XfApQ0Q8T4rNbzuvLn_540s01yBhjtX4oA5RUh4ryhgKCetUyrNYWTrm_DY3JJQonnkfDb9jGHiecWs_-P2kWYg_N99_IzX21Zfx-Nl8-7Mzk5l6ftQ-9sHtqhrkIw5BUh3GRwBhOxDchW2pJlJWLrMJAjltZIZS6T65jSPkM1ZQoE5TTWtmk-MaKhxTQFaSbAlbNsJ8E9T_0VmkxY04XUJ1kYpJT-XRT8wwogo1-26Yn4sQ8QHIhc8mR2MERVpiCi84ZXGYmMxB9mlrCw8eq80TqmJa4GqbObHOvOuweaIH6hf5JFGBx_ycJUuZMBVy5rOO0IVHmth12-Rj_BKqdBtPnjFY5-bIhFZFNY0wp8-jeUOgvkKno-YcolHkpKXkv0dn6vDemDgK690nremUheeLWKwvaBs3y40j6U1zBtygc7eXxvCelre4BP2X542gvE4C9wpRxCtiYdQmW2vZ1WQxBRdRfKG4bNabaHrfJf3CWC4or8FafeG7Z_f5NPjxe3cNqvwfJgxRAtTKj7mnznEftyyFQr8OGY3aScyhSkyCB-gMpPD49cMF2i5gCo-Z3SHXXI__f09rFLKFR3S1YpqbacMtD4i08InAUb7ua3WFdQQJMaxfMjZsOistMUl6jUOcNJXEHBSONOMBcSA40XfoUmASGgdm1jBsDamLBkcMAtJENZ42KLbri8AXMQjVJhVYnB8LHkKylv42_zKPCUACcKycEwjJv12TYlN5eDZLxjcfw4o4ndUnQBWZReBh5V3g_63VM3i5VcA0siIulQwaC-GQTVMlnJ6ZgN9w-OvHmtbojfovdN9NOxeGzUdw5XAU_bEaywyI9l1wcNNwZ56ZkTHYYOdjw99BwzLslQLDEI8Io7mUIBg4Bi04FaCok7GD5t8y2OAWt65B2QR--8NTuECp9F34gjkNRznIR4321NVWBCMs4Vj6EmaINQ2A_KjuM8aREBVkkd8Fe40xmTJQNvost176eRdMC4P-25vpi0aqNeBBOpgN4pGxCLXk4BNb-EOaB8nYIIWnFZFKerpUgUYKFvqyFXQavIBlJfAH3j6UO3wAIDh1F7EVQjt8zZHaa7HzJrepBFGHDPk2TOMTJjWmQyvV5-SsFci7A0w01MkEGm-ch1XLz4vDhC4RIK35zZe0Uz1FXux3mqJvjbhhICinQrHVQv7MUO3nIkhznNPzYzLu1AbSPxo8A8zaof5U2i8N3GFvRctljc4Q9lmpX5M9hs6nPQh0J5RjLtACenNdkVTIjXKcNPPP8SlCY_Zu55hbsycmgwIW6sEKxxjQTRtA7TGokB8uq-kzi9SEsb5zVPB4qNZ51o60Ru9rUZ8BmoUpm0iBLcGf6ifEoSXzY0csPKLKoDQnfUsbuANKHDMos2dax0-iVpHLRIaj-GLqtSkTuddhFH4VuHBFr0iFPEi8C7WgIGrDX3Tvqx3SBw6yGWH2cku1fqDAc0DIstAiUPqMHMhtqZ-dWOJqfW-Bij5sh1nknacoKUoZN2IzKTXavOIXf9YNh6pfHhwLdcbqAv97BM3l6M9qdCYZDDeWlw72q1PsMFTbXv-aZo8LTIvXb6aEYrQaBHv32ibikgSc2B8PgOgBeAgHzAFuXeQRxgswpEzA3kWFonbUXZJ9Ag-htjWRkRMceDYGabdiSS2xxa0a67cjTAJfVs79x3DY7IpEobyyoxTe36nnmKPHHS9-2x0ahLsbcqmzvYLxjxRpD3Sw0lthZ-VG1fECSeCbSmqf_z3TOaijr12_Jgkzqk3-8uZw-RvjTKDUzWtgpO4BSJWXYoJmGXkWKhxKaEHPAHFkIE7wN0yx9HryElI73gWKMdN39TJxcZHJ3Jb_01ZSuxi1Y-3iAfh7XD8j4Sg1doyDoq74Iu7E2JX--3oHXEf4Cnz1LnhvKifmph-ffdFWnUjq0eZ0UJY82u-ngt0nUmvRqSQ2PtXGAptSRGz_Jz_8XFyu5b0ELFwiw4FOSS7LqjDtVlfYiBbuSEvdFVRoAc7wGjtFTN8WFyTB7i2XmPs7OV02Rb4ZwanwoKqjkKbitNFY1QpcWQhmcv4nqlo27BQxk0BLWfP05CvWj1mAj6OSSwRBOCJBdy_uGKrw431SFdOyXflvbUrrhrGjcBmcagLzcijwmOpHtm2Q8Q2QzuedBARYDFGvHDLdU4M0FW8uIkQOsuj9xEBEW-xhKdHtY3i7lQ0HaKqFM83ed6BAoziwZ51CMF_L3MBnncoESjtauE3dv4uMtI4-Uw-yH6a8JXKpdTHvjMKVCNOuxlan3JVk2GWmoT7QNHNt0YzDT-3cpzhyaQM20Q-yw-et2qUYy5Q2pK4PTfII9xsY2N1ZrTvcchoq24xsmxoyFZZQWxTTqdRPvD_7MHz83_hfA9ydxLSJOWWGCZAk_uST21ZlIl8fk5nGQxVOqnxKwpvf9kgHKWIcyJfWdBySI1273LOHxiomzJ7yWhVbgqF95udtSGsp51d8lOhNE1422nVSgBGJ2K-aSh_rJXONYaugO3jealn_tpd6ckMj3izwMT7cOwqjBSvWmTFVwS7xFstkvmN3T_WIm1H6PTybNyIxEe6ZkxQ0S3cq7jLmcfWry4UwxRkmNqbUGZVH9cP57ZSF-Jatbp782mOEqkN5qzF5EbcnH_GkIIBBI8AC8eF_-JFrL4eTki9e0AmjINPVkm7F-8mYhx_wFsy1D6aE65QwSMEUHto8EZs4p4e9bCxZqYa3ho3KHXGAFgAQ&cry=1&bundleId=&bidurl=https://www.theatreinchicago.com/&adsafe_url=https%3A%2F%2Fwww.theatreinchicago.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.theatreinchicago.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2F40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bed&adsafe_jsinfo=,id:cc6f83e7-81f9-60ab-10ee-a086f61ffb9c,c:2HV1sN,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-74b57f8799-x2wmf,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:dfhui1,mtim:4,mot:0,app:0,maw:0,fm:u2LKe8G+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191*.1893484-77291975%7C1911%7C1a%7C1b%7C1c,idMap:191*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:20,oid:6838c3b1-bec1-11ee-8767-7629295f58e5,v:19.8.476,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 03:29:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45865
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Feb 2024 03:29:33 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame B012 31 KB
12 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5fa42c1d96f1d20bb0a5c0f1468aba661ad4c3584dd51646a3bfb996e869b8dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 03:29:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45865
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11931
x-xss-protection: 0
server: cafe
etag: 11828260617052087593
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Feb 2024 03:29:33 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EDB4 1 KB
643 B 54ms
54ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 25228
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 09:13:30 GMT
etag: 48472445140208031
expires: Tue, 30 Jan 2024 09:13:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B012 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c57474d7e47afbb74e85908222a1483feedee8cbba1ed7c94450db8fcac1ee36

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7A74 0
20 B 251ms
251ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4142327989349&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7A74 0
20 B 251ms
250ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4142327989349&version=m202309260101&ct=77&x=1&cor=14319050516398428000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7A74 20 KB
13 KB 111ms
111ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CcHXV4ALgVdzHT5HG0uaSQGstkycHpgrB0zZYml5Yyn9SEbWCeAvldtgvOIVJB9H2CAkfyT94EYJexKdP1amgpqx-ZaireJorRQ63y5LJH6ZIQX5_OR3pZCf1yuYWyrAbp-wjyzGJT2PLnGscXyaZ7oJcxIukL0_ogg7KQgCLjYJ34LGA&cry=1&dbm_d=AKAmf-DCOZWQugwzzTIxiGRexsHAGzuUVxKraf0vauuPjBCI1pzMas1peW4ELmz6PUFnLWtCIXIeFHfFQdlm2VB_kmJrv5iw3C-4VmangZ0vPNRAeRkYlpqJtNtJkB3rPmDYLqJsR6U-r35y6y9SvglXwk2lN3Az_dTQn3Pb8B6L3FlJZ-viaG4YEUuRcTrmQipihijcxh-jGAl7c-DV-e2eKusF7KSzvVFCr9DVuAsiOrG83Rcq4WIrMEjYmHSdiyZUxzEH59kwotbEzqzJSEmfaQn6PGKuh2-bkW7qHfgqBZF0lJFsKyu6Yc0qZrZKbQiBcdUzl0qnUE6lm3F5NCaxtulIqNn3ijDlij-0f1oIYaB08gnVsxD0Ro35BUGHQ3vpGj5L7BDGqGMZqO8YxP50SWdUPYktSa3KMLhHMlcEEL1xr3isiyoAKfcyzcLcFfa2rN0A8FbId1w3UZDV8X8JLiKTdCwhtbaQdF5H058O7M1bboRnuTp6q-Ytv0NaS99PG4DTikJL07zqTqYl8tHuhQPHJMhaACEKOTQqhYmUtOn5IdTx4QBs1N8IO6je-s8SmrGEN2cL68yGBcLxyLyZ8Krdme5Za0ZJaXBIvIAQjHJa56FiWT7b7XEHyRVqfdxw4W4fuUZz7qYYJzp17N8J8uHz3GDLrQRfKrzOEWY9XleQwiWhGfupVH5SFXSWvKFICAqtwTOTVgeLrNVjr8ml8J7UkaOLr3F5fGkBKi4fjR69QGc1QP3OyKFKeqWnliv1lM6C3Xiy3Tn-Oo6aKNzCFOOqIBFoLWNH-3RJImabUNn68dRP3oG3oKipi_inXQr7tKcKO4LT6mJL68KjQwyFMiUOURZ6ub_7YoHRMRaQ8_QLDJnKK128KrQ8OofaJW9pOy_ozIZY5ViYtfJX9fO32QrNmoRGbb9v6PAx4uMZzQmOZCZLyHk4jtSPCC1TnWI9zc6_waigpbz0kGNj5X8m03tvDf0EKNFdgxAopB8jVushq7LA79LfvxcpBuyoKdMeSYTVi5tqXVQ9zlh5i7Abr343994s-jkB7sdoai0RwMCFLQJHk1Omn15uLLpef5g3Dt7QGXLbilZ7o2C04rpG8_HeQz5hdyqk_yqVW6ueyv8-lXWnDBU7bnQ1x7-fyy4LUCFo7DVdKBSgkaLLoM7aHchiixIcdmBFcCOZgbj0CLggFUVGckyOmpitXwYBb1aV00uEK6I_knG4fxN6mgr7vLzjEGu5HKmFlGe_u666Z2JCv0rwZYpP1N6vRuIv16ugm7tXsgeTt-Mb0StO5GZjvKn8SF765h1jyGtMNaNTWC-buppqUfFtCpL5HeRtKX67BAVtg5DgPtEobV1RL6PpUNogTo_LVLehctqeknvlpuBLqxwuEtOdfqG4Ycab97AqFgz4Q9pI9qd8nMYE6a57fNtjQJKUCDFDF7zjhFmcJm6a5Qk6MG0MF6Ajhyk2nTUkaoO-Qt2IbAduea7fHz3QBU4FTI7EkOcAXF3IJWbc-nbjSNTi5QJdym70qgMi9Yt1WAkFRPEfRMBivmNGQxOoyG2RN0hbo2f4t7mVh9t2PeMqmpMEpDqEIzoDaTN1PLVpcC6SAqbJ0oEhBo8Ad-PchwITli_kUZCmfF8ViSrpPbzFMQ0aBXFjLeQXfVlnDoUvO8UKPhAdwjaswJhKkT-nef_hZPedwhR7R-uhos1xeWBSgWRuxbpSdpdFbgzMFH-kcRELW8GCPx6CmF4df6NrCiDG1o7gxopE-VtDIVRQBio-_ju74JnALX-e61KEVspVfv1DinbDQH2jWWiW_98U4Ae5EJNxoYcXSoE2bGcT45fkNVVkcKvpT2Z0O1Uq6xv6VlxheCLrrl02lrHRSQThAByaIpV12MEzKum7HRZJii6IgEo0Z-uPZjcOelThYvdsMBJzXe-gO0e2HMKMaXFDh_iJNgoJAxyrNbUbwZlDWntgO-R_hqDM8ZZVhOogt8bi1Kk5oR6gJC-B4k5slKQvP4qX5cQeoCoTqwh7DuAUqzOVgfT38CSNaSa2VExqLbi9zhvrun25TltWugPMtLPvt1ieQk4ZdIDhMkllPAshjs5tbwr-PXCm6Rqp-utI-tHZkd3IvxUsOsedjekMKqiOsW1xOhEQIBMexqR1i9DZYYNY2Lw1dW7XOykZn_DuLGnGxObP4Db1GUEbaG35D5tV6iapiSbCJQClNDW1ka0xC22EAve_ZUe6dGBCGyUO3CUXYZUYE7dQ5tyU-zINGojUxIvU6soPyDgaGgcwl0e2IWqxdGqmKGIk4T-Cmq-wXzPSZw7dkVjlGoghRcoGIcf5jbsyS3a4vU34sHjthzOTFqa_a4gboQmUvZx-nsfOJSOQgwwIvpjj8XZI4Jlx33bPu41HVPRs7_AMFrSPnvZec0YiYT7QYTLPGjprU_2Zgu_G9__ACNusHHOwQnMM_aQdeRpWhvdciaTyj8M7PViOtfn839U1N_ztsIpghjhGFONm43poGI0gjJyOvthzEUcCydX65eknq-nBI_MD02qwFQBvdst0LtpF_S6wC7piqdx0g7uVoHMAMjcLgkpP2aBkyFCUjm7_o0S5MbUqzgZcrV4B4ATB2bOfp7M0Q7-mAf67u7Wvm-g9QnjlPsjI2YEOs1teTU3U3YrU0gD3Bki3-4cxWOKrnlcslUjfMRYkQlnW7oGjVtp-bbmTaLeO7OqQOlOIMU2GLHVbEKMKl5_VBLB8oRiiSrh25WtfCdCcWAHjleNgYLXR4gPJzfAdJ1jD7MmD5uCwkjPbWzavOh8rkcOZuYWeV-cx2MeqPODuxC7OJu8jCIO7K5QvT5Q48dyzMfuXWVBeBPnM5oqEQoq4gFce8rCx-Uj3eMNXnD2iicYL0ZsD8JdY2GbvLUqUQjTyjdrdEkrnszhctYz3S89-wOebRqVN_R9ny8bxJQzaXTPNhCZ_rWITDDofgW5tfzfH3E1HqEceueAHhYALY6N1H-ZCMQIcP55hptRRInnnNy_iUPT1kkQ2wNw9pcX9nDKNmlzlDVGNjOOI8IK0IFBv2U_7fb7q6kLvwHMkri4iDddwxv2-e8jS_cetHZ_1N3Tna4JXBCFwgfU9B9gyrPtRhngHIwzTjdHezyW31zcRrE6yn-OkU_gZ5zzYmIs6VPRV761GKCwYdAeyvMS571rxlM-zh-7NJxNSE0UhdKJq9HjK1M5o8RE7-UT06ov9oMRuDSp_FXI3aBojbKgdFQamvxRBk1if73O-e1z2wzs9eqz9892V70DANwbjpaupkfW3EGwTKrB5Qs1rvyyWfHmdLV4sb6YgbfnxLJ4zoXfribguB5rGLePV75lNM00EKM20zgpM7G9uZ_QAuBWEORBKueDBaNb7F0SOPNySYCelfu-z4CEQhvIulaBw81oKggwVB0Ap0QMmRK_-qQC8ZjetCGZJ_Lb8_vyVOKr_ad8w-ctMFRkN9BhLTPA62fus1r6trbQqXbsWt6MGwf2D5203fO1f7omCDEOqA44d7STykulZfPK6F0CuWhdQpiNVutDfat3B1o92z9iYIgWfxB7PoAhbfT7Or_cOEAJjzbdbYUNQz9p0zvluRbqKaajbP1_yYwFI0zvP6kjO1QfKyB4yycOq1cwsQOISu_deYKdqO_79uEjgYhutB4AYEiq39KU9nk3B2cfNwO_nOJeHgGIZ7OFoUL4pxAEYtlpsRw6-CAjym67Tj2g95_hZX00WYqn6RT48-qLwPvnEwKm4w25TTkdWD8HAlRVZpx22KhXKaz_dwbL0Cp9dzO4p9GHz9zXTKa6z1L7rXSRcH23-SL5W5rrNWQmXjbWnshuYmkfPwXj5mKx5fKE5ZpQGriKKLvbZ3GC6iBHqZg&cid=CAQSPAAvHhf_kd2E9nyUpDAo6UVNAX0iSHysGEAby9LGxs5p26a1B3L2KpBaV38YW-0JeAZCDnDt5oJCldQSQhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.theatreinchicago.com%2F&ds=l&xdt=1&iif=1&cor=14319050516398428000&adk=3690638928&idt=131&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ceb00641554b7ec9f04b4395fc481f4a7774ba672767cf5fb2dbe41ec3e5ea7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13650
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame EDB4
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEBPkVlMzEJMyaFCJ2g0eDT8&google_cver=1&google_push=AXcoOmRA4Eb9HxdqaivoNdAFevYIdBe6cRFA5FmyxOG1wMr7F6hyLcTvH2nFMo1SybZecZVrLMn95t4PhWVqSwR_tXJVTUtXvTYxC...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBPkVlMzEJMyaFCJ2g0eDT8&google_cver=1&google_push=AXcoOmRA4Eb9HxdqaivoNdAFevYIdBe6cRFA5FmyxOG1wMr7F6hyLcTvH2nFMo1SybZecZVrLMn95t4PhWVqSwR_tXJVTUtXvTY...

43 B
449 B

195ms
180ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBPkVlMzEJMyaFCJ2g0eDT8&google_cver=1&google_push=AXcoOmRA4Eb9HxdqaivoNdAFevYIdBe6cRFA5FmyxOG1wMr7F6hyLcTvH2nFMo1SybZecZVrLMn95t4PhWVqSwR_tXJVTUtXvTYxCPM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRA4Eb9HxdqaivoNdAFevYIdBe6cRFA5FmyxOG1wMr7F6hyLcTvH2nFMo1SybZecZVrLMn95t4PhWVqSwR_tXJVTUtXvTYxCPM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 84d2c3fb3e8c4d86-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 561
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBPkVlMzEJMyaFCJ2g0eDT8&google_cver=1&google_push=AXcoOmRA4Eb9HxdqaivoNdAFevYIdBe6cRFA5FmyxOG1wMr7F6hyLcTvH2nFMo1SybZecZVrLMn95t4PhWVqSwR_tXJVTUtXvTYxCPM&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRA4Eb9HxdqaivoNdAFevYIdBe6cRFA5FmyxOG1wMr7F6hyLcTvH2nFMo1SybZecZVrLMn95t4PhWVqSwR_tXJVTUtXvTYxCPM%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 84d2c3fa0ccb4d86-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EDB4
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESELetYMWMxHK3fWfeoDi_eiU&google_cver=1&google_push=AXcoOmTc8ztvnIfE7ROS-uTt0qjdqwI7S8EOFnHwzsD6I7pKKZ-SmTrMhPJPDyH5dAQcUPb7IR-bZw9TukbpL0TRE_vdEm6DGyzWvtg
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3B7AEDD6975341DC8CC6B353B7CD421B&google_push=AXcoOmTc8ztvnIfE7ROS-uTt0qjdqwI7S8EOFnHwzsD6I7pKKZ-SmTrMhPJPDyH5dAQcUPb7IR-bZw9TukbpL0T...

170 B
188 B

48ms
48ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3B7AEDD6975341DC8CC6B353B7CD421B&google_push=AXcoOmTc8ztvnIfE7ROS-uTt0qjdqwI7S8EOFnHwzsD6I7pKKZ-SmTrMhPJPDyH5dAQcUPb7IR-bZw9TukbpL0TRE_vdEm6DGyzWvtg

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 29 Jan 2024 16:13:58 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3B7AEDD6975341DC8CC6B353B7CD421B&google_push=AXcoOmTc8ztvnIfE7ROS-uTt0qjdqwI7S8EOFnHwzsD6I7pKKZ-SmTrMhPJPDyH5dAQcUPb7IR-bZw9TukbpL0TRE_vdEm6DGyzWvtg
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 28 Jan 2024 16:13:58 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame EDB4 0
173 B 62ms
18ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEAASBN9_a5S9r4c_5lP4JlQ&google_cver=1&google_push=AXcoOmS19geKm9DeF4hFRp0KOi8vvPbYajaqm3_GNzKVllZLlSf4IXz5y1Klu-IexV5BEE3RVCkVGekJXyi1sWFoZir5zTw01nGv8w
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:58 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EDB4
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEIR60OKYow6gAzWtnwvJv_E&google_cver=1&google_push=AXcoOmQTQY8oLSJ10hAjczO-Ay2ZDgRkAtU0FeTCJkh42QrflwxVkjo49zlp-BS6-bJU-_qJgkmXQnqQ74pCxIQ-...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-SAFCjm1Sj4RJbLUV8LlNg&google_push=AXcoOmQTQY8oLSJ10hAjczO-Ay2ZDgRkAtU0FeTCJkh42QrflwxVkjo49zlp-BS6-bJU-_qJgkmXQnqQ74pCxIQ-IpOTsZoEF4J2-ec

170 B
188 B

47ms
47ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-SAFCjm1Sj4RJbLUV8LlNg&google_push=AXcoOmQTQY8oLSJ10hAjczO-Ay2ZDgRkAtU0FeTCJkh42QrflwxVkjo49zlp-BS6-bJU-_qJgkmXQnqQ74pCxIQ-IpOTsZoEF4J2-ec

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 29 Jan 2024 16:13:58 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-SAFCjm1Sj4RJbLUV8LlNg&google_push=AXcoOmQTQY8oLSJ10hAjczO-Ay2ZDgRkAtU0FeTCJkh42QrflwxVkjo49zlp-BS6-bJU-_qJgkmXQnqQ74pCxIQ-IpOTsZoEF4J2-ec
x-host: tde-deliveryengine-production-84477bf6c-2n28c
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame EDB4 43 B
235 B 64ms
17ms Image
image/gif 35.214.149.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGkjepmUnuvpdN72BYasd08&google_cver=1&google_push=AXcoOmQHYZrhAijE2dVJGEnS2FpCM3ONE4pb0RvG83XN4P9LMFlMZeKzPghQ7W0UQylsaGZtK6ozSrmp6FFZAIIddhuhV9R6zaKS9VM
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS: 91.149.214.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 29 Jan 2024 16:13:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EDB4
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEKZfIgUxkJtUe1WuTlsxH8&google_cver=1&google_push=AXcoOmS4G-xcD5k1YFp-O63noPE-LRpWeWFZQ2kZ6g4_1uExtjmHvlxeiNW-qqs7md7A2j6ha2i7fxLF...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEEKZfIgUxkJtUe1WuTlsxH8&google_cver=1&google_push=AXcoOmS4G-xcD5k1YFp-O63noPE-LRpWeWFZQ2kZ6g4_1uExtjmHvlxeiNW-qqs7md7A2j6ha2i...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQxMjYyOTkyMTU1NDE3Mjg3OA&google_push=AXcoOmS4G-xcD5k1YFp-O63noPE-LRpWeWFZQ2kZ6g4_1uExtjmHvlxeiNW-qqs7md7A2j6ha2i7fx...

170 B
188 B

44ms
44ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQxMjYyOTkyMTU1NDE3Mjg3OA&google_push=AXcoOmS4G-xcD5k1YFp-O63noPE-LRpWeWFZQ2kZ6g4_1uExtjmHvlxeiNW-qqs7md7A2j6ha2i7fxLFlnUNm70p93mR5k2KOYz_93I

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQxMjYyOTkyMTU1NDE3Mjg3OA&google_push=AXcoOmS4G-xcD5k1YFp-O63noPE-LRpWeWFZQ2kZ6g4_1uExtjmHvlxeiNW-qqs7md7A2j6ha2i7fxLFlnUNm70p93mR5k2KOYz_93I
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 trk
ag.innovid.com/ Frame EDB4 43 B
296 B 208ms
22ms Image
image/gif 2a05:d01c:1d8:8102:1ffd:c1da:c0ec:deee
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEB81FrXQ2DbY4QwSg2myvaI&google_cver=1&google_push=AXcoOmTkk86G8S8m6ktosmapEcx6GKE142kZfe_Or7nNwffuW8sVhz0KFdTNpm6fzk7W9iTxRirNcOaAlFH8F_VBzpqFMosL56fPfw
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:1ffd:c1da:c0ec:deee London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
cache-control: no-cache
content-length: 43
request-time: 1
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame EDB4 0
12 B 43ms
43ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ImF5axajnaDaMubOFJukX7qctIG5GElWskUdDvGdkKn5ohL7Ltyiu8yn7qP8S0UIxyJtAT

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:58 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FA1D 0
20 B 260ms
260ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B3mnjxs63ZanJFqzH9u8P_MiCqAcAAAAAOAHgBAI&bg=!NjWlNXrNAAa8BdJLnAU7ADQBe5WfOM4eDgQlW_cXJI7ykIF0Fv1QeGrrASByOb_KBpXqXF2YeASgnanuSXhMjYnQ7eFrAgAAAC9SAAAAAmgBB5kDVtL-AqlhZp1_7biYDM_-7-P6vzXJKaUK_rKnCaKybRWP7CcLRXb6ehESmjhKO_7eOPX_AaDmNH2nOzkQpPqFIEwkxA0n8QEU_DW3jD7p3AzyZx_Gzi7H1_-LUYE-boygWDWrwS67y2mqGr8rI1l4eIsqYrcot9DH5l5KSZgThu4hUGyxykOptRxhhdMm687mAESk8H0e-XLAUUE4UHZ9pH9vtFrMl--ww5kr6ZEoQw8dZVkKzScQ_WHDWooVydsrACO2_GUTGl4d092Aq_ArDWNGdKTsTrm3Qh54SSuvAtnigfSSEZp1jzT6wqraC3ZNbiI4K-wlBrd-ee0KyXaUZQtviAxeVKxujbaq_ahGE1-e-X87u6_IIyi-xtOYlylDCaTwffA8bEXTo4BKcRXrZweCRANAp0RuCWpMhoDGIuq2La9RH-A-8ZB_2B6RMwiUspTAfaknayZOEHdOFjAaNA_dcHmByRI4L0it7JY82S6fBUVTXLL72U2qR4A0NF3W1VLmCtwJw7--I1rIalayTQM2bDxbHxV4FiNskVX1vInnG5MRbGo4d495wpqKX7KhPQwKa76Xw0Q-vDUUNcArh8G8Ak0Qrv1XJoj3g57ailu7xVzKIe2t_e-HWktd5qcxxi2oFS6T7BgJpNYH7CGEEnGCzje25OjUpl1gMbzqod_88o_kUu9VQEk16WsniwlMc0EZqV5SmPfTO8W5JAAUIuqxOq6aWQqWSxQzo27kL6F_YS-Y8bJf3lYP-35ugIBwEZGNI7WXk_SrR9_luxEFYHsm56kXYAsiVmAt7DPKqqrbZOtFeFAE9bs_1iKaA9HfzrfM-2YWe7MZydeW7gUS0yxX-a7-mxNgKPwxXdyOpv7rOFU-SUfrnGIpeEcH-1pm-vCjkuseGuUni_y0B0XZxD5ls5efVwm-0e9QfhJWQ-CC2O7U1slKtHGPc8blCSzye24PFrjwqgtK7teyt8kDaDsm0CeDV-DWPMtXsL0SSqHGYQXuxJAE16RMAxlAyvw4lwvE1awtt82c8jYbjjv67oWHA-HHQp5obVT2ex5rcp-BGjY3fcmpu-Nfr1F4UfYTqk-HiVcWAMZW8qPzuwqSj9LjIpdxISK-uN2soxZQ_Hf_gg4kKBzn

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 7A74 41 KB
14 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CcHXV4ALgVdzHT5HG0uaSQGstkycHpgrB0zZYml5Yyn9SEbWCeAvldtgvOIVJB9H2CAkfyT94EYJexKdP1amgpqx-ZaireJorRQ63y5LJH6ZIQX5_OR3pZCf1yuYWyrAbp-wjyzGJT2PLnGscXyaZ7oJcxIukL0_ogg7KQgCLjYJ34LGA&cry=1&dbm_d=AKAmf-DCOZWQugwzzTIxiGRexsHAGzuUVxKraf0vauuPjBCI1pzMas1peW4ELmz6PUFnLWtCIXIeFHfFQdlm2VB_kmJrv5iw3C-4VmangZ0vPNRAeRkYlpqJtNtJkB3rPmDYLqJsR6U-r35y6y9SvglXwk2lN3Az_dTQn3Pb8B6L3FlJZ-viaG4YEUuRcTrmQipihijcxh-jGAl7c-DV-e2eKusF7KSzvVFCr9DVuAsiOrG83Rcq4WIrMEjYmHSdiyZUxzEH59kwotbEzqzJSEmfaQn6PGKuh2-bkW7qHfgqBZF0lJFsKyu6Yc0qZrZKbQiBcdUzl0qnUE6lm3F5NCaxtulIqNn3ijDlij-0f1oIYaB08gnVsxD0Ro35BUGHQ3vpGj5L7BDGqGMZqO8YxP50SWdUPYktSa3KMLhHMlcEEL1xr3isiyoAKfcyzcLcFfa2rN0A8FbId1w3UZDV8X8JLiKTdCwhtbaQdF5H058O7M1bboRnuTp6q-Ytv0NaS99PG4DTikJL07zqTqYl8tHuhQPHJMhaACEKOTQqhYmUtOn5IdTx4QBs1N8IO6je-s8SmrGEN2cL68yGBcLxyLyZ8Krdme5Za0ZJaXBIvIAQjHJa56FiWT7b7XEHyRVqfdxw4W4fuUZz7qYYJzp17N8J8uHz3GDLrQRfKrzOEWY9XleQwiWhGfupVH5SFXSWvKFICAqtwTOTVgeLrNVjr8ml8J7UkaOLr3F5fGkBKi4fjR69QGc1QP3OyKFKeqWnliv1lM6C3Xiy3Tn-Oo6aKNzCFOOqIBFoLWNH-3RJImabUNn68dRP3oG3oKipi_inXQr7tKcKO4LT6mJL68KjQwyFMiUOURZ6ub_7YoHRMRaQ8_QLDJnKK128KrQ8OofaJW9pOy_ozIZY5ViYtfJX9fO32QrNmoRGbb9v6PAx4uMZzQmOZCZLyHk4jtSPCC1TnWI9zc6_waigpbz0kGNj5X8m03tvDf0EKNFdgxAopB8jVushq7LA79LfvxcpBuyoKdMeSYTVi5tqXVQ9zlh5i7Abr343994s-jkB7sdoai0RwMCFLQJHk1Omn15uLLpef5g3Dt7QGXLbilZ7o2C04rpG8_HeQz5hdyqk_yqVW6ueyv8-lXWnDBU7bnQ1x7-fyy4LUCFo7DVdKBSgkaLLoM7aHchiixIcdmBFcCOZgbj0CLggFUVGckyOmpitXwYBb1aV00uEK6I_knG4fxN6mgr7vLzjEGu5HKmFlGe_u666Z2JCv0rwZYpP1N6vRuIv16ugm7tXsgeTt-Mb0StO5GZjvKn8SF765h1jyGtMNaNTWC-buppqUfFtCpL5HeRtKX67BAVtg5DgPtEobV1RL6PpUNogTo_LVLehctqeknvlpuBLqxwuEtOdfqG4Ycab97AqFgz4Q9pI9qd8nMYE6a57fNtjQJKUCDFDF7zjhFmcJm6a5Qk6MG0MF6Ajhyk2nTUkaoO-Qt2IbAduea7fHz3QBU4FTI7EkOcAXF3IJWbc-nbjSNTi5QJdym70qgMi9Yt1WAkFRPEfRMBivmNGQxOoyG2RN0hbo2f4t7mVh9t2PeMqmpMEpDqEIzoDaTN1PLVpcC6SAqbJ0oEhBo8Ad-PchwITli_kUZCmfF8ViSrpPbzFMQ0aBXFjLeQXfVlnDoUvO8UKPhAdwjaswJhKkT-nef_hZPedwhR7R-uhos1xeWBSgWRuxbpSdpdFbgzMFH-kcRELW8GCPx6CmF4df6NrCiDG1o7gxopE-VtDIVRQBio-_ju74JnALX-e61KEVspVfv1DinbDQH2jWWiW_98U4Ae5EJNxoYcXSoE2bGcT45fkNVVkcKvpT2Z0O1Uq6xv6VlxheCLrrl02lrHRSQThAByaIpV12MEzKum7HRZJii6IgEo0Z-uPZjcOelThYvdsMBJzXe-gO0e2HMKMaXFDh_iJNgoJAxyrNbUbwZlDWntgO-R_hqDM8ZZVhOogt8bi1Kk5oR6gJC-B4k5slKQvP4qX5cQeoCoTqwh7DuAUqzOVgfT38CSNaSa2VExqLbi9zhvrun25TltWugPMtLPvt1ieQk4ZdIDhMkllPAshjs5tbwr-PXCm6Rqp-utI-tHZkd3IvxUsOsedjekMKqiOsW1xOhEQIBMexqR1i9DZYYNY2Lw1dW7XOykZn_DuLGnGxObP4Db1GUEbaG35D5tV6iapiSbCJQClNDW1ka0xC22EAve_ZUe6dGBCGyUO3CUXYZUYE7dQ5tyU-zINGojUxIvU6soPyDgaGgcwl0e2IWqxdGqmKGIk4T-Cmq-wXzPSZw7dkVjlGoghRcoGIcf5jbsyS3a4vU34sHjthzOTFqa_a4gboQmUvZx-nsfOJSOQgwwIvpjj8XZI4Jlx33bPu41HVPRs7_AMFrSPnvZec0YiYT7QYTLPGjprU_2Zgu_G9__ACNusHHOwQnMM_aQdeRpWhvdciaTyj8M7PViOtfn839U1N_ztsIpghjhGFONm43poGI0gjJyOvthzEUcCydX65eknq-nBI_MD02qwFQBvdst0LtpF_S6wC7piqdx0g7uVoHMAMjcLgkpP2aBkyFCUjm7_o0S5MbUqzgZcrV4B4ATB2bOfp7M0Q7-mAf67u7Wvm-g9QnjlPsjI2YEOs1teTU3U3YrU0gD3Bki3-4cxWOKrnlcslUjfMRYkQlnW7oGjVtp-bbmTaLeO7OqQOlOIMU2GLHVbEKMKl5_VBLB8oRiiSrh25WtfCdCcWAHjleNgYLXR4gPJzfAdJ1jD7MmD5uCwkjPbWzavOh8rkcOZuYWeV-cx2MeqPODuxC7OJu8jCIO7K5QvT5Q48dyzMfuXWVBeBPnM5oqEQoq4gFce8rCx-Uj3eMNXnD2iicYL0ZsD8JdY2GbvLUqUQjTyjdrdEkrnszhctYz3S89-wOebRqVN_R9ny8bxJQzaXTPNhCZ_rWITDDofgW5tfzfH3E1HqEceueAHhYALY6N1H-ZCMQIcP55hptRRInnnNy_iUPT1kkQ2wNw9pcX9nDKNmlzlDVGNjOOI8IK0IFBv2U_7fb7q6kLvwHMkri4iDddwxv2-e8jS_cetHZ_1N3Tna4JXBCFwgfU9B9gyrPtRhngHIwzTjdHezyW31zcRrE6yn-OkU_gZ5zzYmIs6VPRV761GKCwYdAeyvMS571rxlM-zh-7NJxNSE0UhdKJq9HjK1M5o8RE7-UT06ov9oMRuDSp_FXI3aBojbKgdFQamvxRBk1if73O-e1z2wzs9eqz9892V70DANwbjpaupkfW3EGwTKrB5Qs1rvyyWfHmdLV4sb6YgbfnxLJ4zoXfribguB5rGLePV75lNM00EKM20zgpM7G9uZ_QAuBWEORBKueDBaNb7F0SOPNySYCelfu-z4CEQhvIulaBw81oKggwVB0Ap0QMmRK_-qQC8ZjetCGZJ_Lb8_vyVOKr_ad8w-ctMFRkN9BhLTPA62fus1r6trbQqXbsWt6MGwf2D5203fO1f7omCDEOqA44d7STykulZfPK6F0CuWhdQpiNVutDfat3B1o92z9iYIgWfxB7PoAhbfT7Or_cOEAJjzbdbYUNQz9p0zvluRbqKaajbP1_yYwFI0zvP6kjO1QfKyB4yycOq1cwsQOISu_deYKdqO_79uEjgYhutB4AYEiq39KU9nk3B2cfNwO_nOJeHgGIZ7OFoUL4pxAEYtlpsRw6-CAjym67Tj2g95_hZX00WYqn6RT48-qLwPvnEwKm4w25TTkdWD8HAlRVZpx22KhXKaz_dwbL0Cp9dzO4p9GHz9zXTKa6z1L7rXSRcH23-SL5W5rrNWQmXjbWnshuYmkfPwXj5mKx5fKE5ZpQGriKKLvbZ3GC6iBHqZg&cid=CAQSPAAvHhf_kd2E9nyUpDAo6UVNAX0iSHysGEAby9LGxs5p26a1B3L2KpBaV38YW-0JeAZCDnDt5oJCldQSQhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.theatreinchicago.com%2F&ds=l&xdt=1&iif=1&cor=14319050516398428000&adk=3690638928&idt=131&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 11:54:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 361181
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jan 2025 11:54:17 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNjU0NDgzODY2MDY4NwogIHNlcnZlcl9pcDogMTI2MDY5MDQ0CiAgcHJvY2Vzc19pZDogNDI2MTQ2OTEwNAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 7A74 0
596 B 292ms
197ms Image
image/png 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNjU0NDgzODY2MDY4NwogIHNlcnZlcl9pcDogMTI2MDY5MDQ0CiAgcHJvY2Vzc19pZDogNDI2MTQ2OTEwNAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiA0Mjc0NTk0OTI2NTM5NzA0NzM2CmRlYnVnX2tleTogODk2ODAyNTYyODIyODM1MzY5MwppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjQtMDEtMjkiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjE3NTQzNwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjE2Nzg3CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9kZWJ1Z2NvbnZlcnNpb25kb21haW4xLmNvbSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RlYnVnY29udmVyc2lvbmRvbWFpbjIuY29tIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0x5d5c0de4abc214df0000000000000000","13":"0xbc89ca425f96bc6d0000000000000000","14":"0x3f37ddbc01a779740000000000000000","15":"0xdb6cfb11a84a8580000000000000000"},"debug_key":"8968025628228353693","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"4274594926539704736"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 33lgkyejwpt3 Show response
hal9000.redintelligence.net/zone/ Frame 7A74 11 KB
4 KB 41ms
12ms Script
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/33lgkyejwpt3?subid=&gdpr=&gdpr_consent=&rnd=1706544837902055&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCCCGYxc63ZaeHN97Cx_AP-96ZyAOm5b2gaZ2cnKfJD_AuEAEgsIypBmCV4pCCoAfIAQmpAiyU_HG8KLI-qAMByAObBKoE_gFP0Plk2Qs0nKeLNcfuhQu1CCRF7p3JLNVcTFYjlslFO65zH4Wt75-Uk1f4UytWhNVchP-_O3r9AhCsTzYPHOBcqBV_d2yTqgtukJ1IDUtjhPAyeLcWRk1atCpPgIdNDG2OuqSkyDEFDzwG8JzmObMG8a28gGSlHX2Ypp05BX4VCruBSBz9bEgMD8SEETRagiUYNEVRVEqpVFqt4KKJaUYR3yfS-8fPYod10z5_-C3SLTYf1mtieGZNXDaXHlhAM51e0dJ9MP4zging4fsenXaKkeOaeVUwTTCKSoMR5Au0xvIpxMWDm3ePURCYSN2bPmaB_1GRccvNyBaqriajV8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOliW3NH2_oKEA4AKAZgLAcgLAYAMAaoNAkRF4g0TCOjI0vb-goQDFV7hEQgde28GObATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPAAvHhf_kd2E9nyUpDAo6UVNAX0iSHysGEAby9LGxs5p26a1B3L2KpBaV38YW-0JeAZCDnDt5oJCldQSQhgB%26sig%3DAOD64_0zoeb4n9dEeK0dVZjteZDoNFkVoQ%26client%3Dca-pub-4875329658179347%26dbm_c%3DAKAmf-AeJFEQP0w2jpL8oNrjKEnYwvunndiQ_BmcfCWSprw-kZsCiiJ2rrzxRVfmz-WKbcXegOnkuuSTpcUfOPsaz32bOXUqhvksPZO7mYNta3rUYgolTx0aP-F1x1Cw5W2WNNHq-vPYNPtyMgiWK2A7z7ZbvcrXXpa0hnSZDvls-UJbUeyjlx8%26cry%3D1%26dbm_d%3DAKAmf-BP3XPel0omQHrn90DdM1IN_yqJmIEU7uYGbcyUjMZOf8FSDCovu1sDMGQ0E0ITVHu2t96gv8tpJAOpNMsCkXZIIVtkaomoc3yWGniUyaNbAihALQnfTm58_dt_W8ldFYZqFDQXd4ThUIrhNjwfFMDa2L7UThMMT5bVnT8C2wRoPCfrEAGuJNqX8hTbFlSzKGTJLxI1jFlmJa-Z9zKjUnnKKFArM9x1mWSerCgvi7B96CGrBQdHjalu64bJSiTr-CkyswXUdrzN2oTS2j9tkzSC-Fw8pSq1BCGlYp1lTGt-ceHuUp4CR_F7s_KsQ67q7wxgLMxAGsLtPqjZeBNkc9ROBX4vBKQMDJfvfnl7Sh87EPBiNMULVDeynffVZvpCO7kjzUf6M_dKW5jmi7BLnE7OWJt4PkEV6afwj0WPUrSrcD4vztDffFqlIRFxMUb6YHqkUhRl4jjndz3TDHupq6e9u2vDcgyMdZDi8mtCo_Shn4X_0eS59HtERrQuq4Xhj7uTMcATOgzf8PSih5f1G-vTXbGpVNrgv0zkRGscUlAkeL363MnMDBcHmUEhdwvZng_cFD9r%26adurl%3D
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 Lutzingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 3eb84b1df931a67f1481860f0ebd3041fbe7568906df648e9cc031e9c514118d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 29 Jan 2024 16:13:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4187
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

request.php Show response
hal900016.redintelligence.net/ Frame 7A74
Redirect Chain

https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=ca67bc7a41&subid=&uid=6fa1b547405a51d7&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=ca67bc7a41&subid=&uid=6fa1b547405a51d7&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

94ms
73ms

Script
application/x-javascript

138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=ca67bc7a41&subid=&uid=6fa1b547405a51d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCCCGYxc63ZaeHN97Cx_AP-96ZyAOm5b2gaZ2cnKfJD_AuEAEgsIypBmCV4pCCoAfIAQmpAiyU_HG8KLI-qAMByAObBKoE_gFP0Plk2Qs0nKeLNcfuhQu1CCRF7p3JLNVcTFYjlslFO65zH4Wt75-Uk1f4UytWhNVchP-_O3r9AhCsTzYPHOBcqBV_d2yTqgtukJ1IDUtjhPAyeLcWRk1atCpPgIdNDG2OuqSkyDEFDzwG8JzmObMG8a28gGSlHX2Ypp05BX4VCruBSBz9bEgMD8SEETRagiUYNEVRVEqpVFqt4KKJaUYR3yfS-8fPYod10z5_-C3SLTYf1mtieGZNXDaXHlhAM51e0dJ9MP4zging4fsenXaKkeOaeVUwTTCKSoMR5Au0xvIpxMWDm3ePURCYSN2bPmaB_1GRccvNyBaqriajV8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOliW3NH2_oKEA4AKAZgLAcgLAYAMAaoNAkRF4g0TCOjI0vb-goQDFV7hEQgde28GObATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPAAvHhf_kd2E9nyUpDAo6UVNAX0iSHysGEAby9LGxs5p26a1B3L2KpBaV38YW-0JeAZCDnDt5oJCldQSQhgB%26sig%3DAOD64_0zoeb4n9dEeK0dVZjteZDoNFkVoQ%26client%3Dca-pub-4875329658179347%26dbm_c%3DAKAmf-AeJFEQP0w2jpL8oNrjKEnYwvunndiQ_BmcfCWSprw-kZsCiiJ2rrzxRVfmz-WKbcXegOnkuuSTpcUfOPsaz32bOXUqhvksPZO7mYNta3rUYgolTx0aP-F1x1Cw5W2WNNHq-vPYNPtyMgiWK2A7z7ZbvcrXXpa0hnSZDvls-UJbUeyjlx8%26cry%3D1%26dbm_d%3DAKAmf-BP3XPel0omQHrn90DdM1IN_yqJmIEU7uYGbcyUjMZOf8FSDCovu1sDMGQ0E0ITVHu2t96gv8tpJAOpNMsCkXZIIVtkaomoc3yWGniUyaNbAihALQnfTm58_dt_W8ldFYZqFDQXd4ThUIrhNjwfFMDa2L7UThMMT5bVnT8C2wRoPCfrEAGuJNqX8hTbFlSzKGTJLxI1jFlmJa-Z9zKjUnnKKFArM9x1mWSerCgvi7B96CGrBQdHjalu64bJSiTr-CkyswXUdrzN2oTS2j9tkzSC-Fw8pSq1BCGlYp1lTGt-ceHuUp4CR_F7s_KsQ67q7wxgLMxAGsLtPqjZeBNkc9ROBX4vBKQMDJfvfnl7Sh87EPBiNMULVDeynffVZvpCO7kjzUf6M_dKW5jmi7BLnE7OWJt4PkEV6afwj0WPUrSrcD4vztDffFqlIRFxMUb6YHqkUhRl4jjndz3TDHupq6e9u2vDcgyMdZDi8mtCo_Shn4X_0eS59HtERrQuq4Xhj7uTMcATOgzf8PSih5f1G-vTXbGpVNrgv0zkRGscUlAkeL363MnMDBcHmUEhdwvZng_cFD9r%26adurl%3D&documentReferer=https%3A%2F%2Fwww.theatreinchicago.com%2F&ancestorOrigins=https%3A%2F%2Fwww.theatreinchicago.com&random=2823890324127&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 4b4b5ba280276a9c80c457ea4a51d078f7763d3f26ff216915785c66ad66241d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Jan 2024 16:13:58 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 86967400146308304444556012584016
Connection: close
Content-Length: 1153
Expires: Mon, 29 Jan 2024 16:13:58 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 29 Jan 2024 16:13:58 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=ca67bc7a41&subid=&uid=6fa1b547405a51d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCCCGYxc63ZaeHN97Cx_AP-96ZyAOm5b2gaZ2cnKfJD_AuEAEgsIypBmCV4pCCoAfIAQmpAiyU_HG8KLI-qAMByAObBKoE_gFP0Plk2Qs0nKeLNcfuhQu1CCRF7p3JLNVcTFYjlslFO65zH4Wt75-Uk1f4UytWhNVchP-_O3r9AhCsTzYPHOBcqBV_d2yTqgtukJ1IDUtjhPAyeLcWRk1atCpPgIdNDG2OuqSkyDEFDzwG8JzmObMG8a28gGSlHX2Ypp05BX4VCruBSBz9bEgMD8SEETRagiUYNEVRVEqpVFqt4KKJaUYR3yfS-8fPYod10z5_-C3SLTYf1mtieGZNXDaXHlhAM51e0dJ9MP4zging4fsenXaKkeOaeVUwTTCKSoMR5Au0xvIpxMWDm3ePURCYSN2bPmaB_1GRccvNyBaqriajV8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOliW3NH2_oKEA4AKAZgLAcgLAYAMAaoNAkRF4g0TCOjI0vb-goQDFV7hEQgde28GObATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPAAvHhf_kd2E9nyUpDAo6UVNAX0iSHysGEAby9LGxs5p26a1B3L2KpBaV38YW-0JeAZCDnDt5oJCldQSQhgB%26sig%3DAOD64_0zoeb4n9dEeK0dVZjteZDoNFkVoQ%26client%3Dca-pub-4875329658179347%26dbm_c%3DAKAmf-AeJFEQP0w2jpL8oNrjKEnYwvunndiQ_BmcfCWSprw-kZsCiiJ2rrzxRVfmz-WKbcXegOnkuuSTpcUfOPsaz32bOXUqhvksPZO7mYNta3rUYgolTx0aP-F1x1Cw5W2WNNHq-vPYNPtyMgiWK2A7z7ZbvcrXXpa0hnSZDvls-UJbUeyjlx8%26cry%3D1%26dbm_d%3DAKAmf-BP3XPel0omQHrn90DdM1IN_yqJmIEU7uYGbcyUjMZOf8FSDCovu1sDMGQ0E0ITVHu2t96gv8tpJAOpNMsCkXZIIVtkaomoc3yWGniUyaNbAihALQnfTm58_dt_W8ldFYZqFDQXd4ThUIrhNjwfFMDa2L7UThMMT5bVnT8C2wRoPCfrEAGuJNqX8hTbFlSzKGTJLxI1jFlmJa-Z9zKjUnnKKFArM9x1mWSerCgvi7B96CGrBQdHjalu64bJSiTr-CkyswXUdrzN2oTS2j9tkzSC-Fw8pSq1BCGlYp1lTGt-ceHuUp4CR_F7s_KsQ67q7wxgLMxAGsLtPqjZeBNkc9ROBX4vBKQMDJfvfnl7Sh87EPBiNMULVDeynffVZvpCO7kjzUf6M_dKW5jmi7BLnE7OWJt4PkEV6afwj0WPUrSrcD4vztDffFqlIRFxMUb6YHqkUhRl4jjndz3TDHupq6e9u2vDcgyMdZDi8mtCo_Shn4X_0eS59HtERrQuq4Xhj7uTMcATOgzf8PSih5f1G-vTXbGpVNrgv0zkRGscUlAkeL363MnMDBcHmUEhdwvZng_cFD9r%26adurl%3D&documentReferer=https%3A%2F%2Fwww.theatreinchicago.com%2F&ancestorOrigins=https%3A%2F%2Fwww.theatreinchicago.com&random=2823890324127&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 29 Jan 2024 16:13:58 +0100

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame A4C6 38 KB
13 KB 54ms
54ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 361181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 25 Jan 2024 11:54:17 GMT
expires: Fri, 24 Jan 2025 11:54:17 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B012 43 B
215 B 103ms
103ms Image
image/gif 2600:1f18:1aca:4281:7fa5:c934:6539:afca
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1893484&asId=cc6f83e7-81f9-60ab-10ee-a086f61ffb9c&tv=%7Bc:2HV1za,pingTime:-10,time:414,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjIyNCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1706544838831%7C%7C307639a3be2c61e2ec461ee8c5c0b370%7C%7C09dd4f7e094d0daae996260c074cbdea%7C%7Cd2057e126e5571658cb8ac13cd19670a%7C%7C2cb33be9d8029f30b96fe7cb2d4756c0%7C%7C1f85df29208eb51aba18dd595a05c6c6%7C%7C99231142d40005ea24108f2c51221ecd%7C%7Cc56d18242202450e7ccab2655c06bb2e%7C%7C1663701684%7D
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:7fa5:c934:6539:afca Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame A4C6 39 KB
15 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 09:45:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23289
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Jan 2025 09:45:49 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13894780418547388753/120x600/ Frame 5F45 10 KB
3 KB 155ms
52ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1550bce995a4397466ef53419df3990ac47fa6b4a95e25a40a2bf192ad6a6014

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 491494
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3401
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 23:42:25 GMT
expires: Wed, 22 Jan 2025 23:42:25 GMT
last-modified: Mon, 18 Dec 2023 08:16:30 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame B012 0
0 70ms
70ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsspsAGrZfPmIj7zVVNv0_sTBzIPaG4uGUEhiABpFIZM1qLC4vRCiKTQ894CBvoRGitAuoXdQiIqytkLon46m-vK8uebislaZ5UMPGyXB0Sx8USzM7CLy2kFrM3oEPhmKMcIU6h7JBvR1udFhZ__bHrDiodfM73HhOuOgX5M6g5go1XwPojLzIfc3ScxRka_OTc5eiXW9yUnfuzagKzztxo97tJtPQlVKcd00A&sai=AMfl-YSu4dNSb2v3qjxC8ZUekfDBFLBYUsl7s4aawyg-FgYxe-BgWxbQEfmc0Bf75K96PZzjS-YqkweSRU2m2Ayb9b_Cx7nY9vAzEyk2wWzoJemaTaz7LnsE0KoS_rKMXbrOqTU9L7LSdqQzyW8h3w&sig=Cg0ArKJSzC7MaN4gM7hDEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9uZXNwcmVzc28uY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=275&cbvp=1&cstd=273&cisv=r20240122.91273&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 29 Jan 2024 16:13:58 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2945 42 B
174 B 262ms
261ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssO3fE20OKRY_AzRIXu63TLQZOAQgAS0PuTQRYdiqx8GjMCHiE6hApoqEVXy58c2cXtArGa3ib9Rgq4KGQWpQOT9V0BVims6-WWXHiS3CvFjBmOLL7WYIwJZfHy90IXisayrMWKdKsqGbBKM5NJwB0T0g&sig=Cg0ArKJSzH1PBHpZ1uwWEAE&id=lidar2&mcvt=1005&p=20,642,110,1370&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20240124&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=2649920363&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=170654483700&rst=1706544837575&rpt=287&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C0C0 42 B
108 B 261ms
261ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsstXcTeW4onNvMc1ELTb_Ccr39Khqc3K_YuhpklG0uSXA38B03x0HBlrBIxuqYoxi8AyJ8VxB1kZ22ZPLvPN8LT3Y5TM-JS6uRg3Dit9lyMOOZaA6i9DKXoXPKAnScikifcJ6XOqVVAl5nZYYG0TGRt7A&sig=Cg0ArKJSzMLkiQO0DN6eEAE&id=lidar2&mcvt=1006&p=204,1205,804,1365&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20240124&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=695397921&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=170654483700&rst=1706544837591&rpt=278&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9018 42 B
108 B 261ms
260ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuJzeT3LWsde4BqSkE-QvSxQfPLbKn6CUM0mo7tN91Vc36O1plc8SIYCz83NbxNKRSwcy0z-q_Ek3_Qt5BD6uxKza8gAcmXXyzATuWXVGlLUitIoPKqff0j1goGO16mdIWBgATRQzupcclGAOJd1Hh3mQ&sig=Cg0ArKJSzI19DGsOI2mDEAE&id=lidar2&mcvt=1009&p=692,230,1292,390&mtos=0,1009,1009,1009,1009&tos=0,1009,0,0,0&v=20240124&bin=7&avms=nio&bs=1600,1200&mc=0.85&vu=1&app=0&itpl=3&adk=3804964394&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=170654483700&rst=1706544837560&rpt=358&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 4894 0
327 B 72ms
28ms Document
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=86967400146308304444556012584016&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=ca67bc7a41&subid=&uid=6fa1b547405a51d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCCCGYxc63ZaeHN97Cx_AP-96ZyAOm5b2gaZ2cnKfJD_AuEAEgsIypBmCV4pCCoAfIAQmpAiyU_HG8KLI-qAMByAObBKoE_gFP0Plk2Qs0nKeLNcfuhQu1CCRF7p3JLNVcTFYjlslFO65zH4Wt75-Uk1f4UytWhNVchP-_O3r9AhCsTzYPHOBcqBV_d2yTqgtukJ1IDUtjhPAyeLcWRk1atCpPgIdNDG2OuqSkyDEFDzwG8JzmObMG8a28gGSlHX2Ypp05BX4VCruBSBz9bEgMD8SEETRagiUYNEVRVEqpVFqt4KKJaUYR3yfS-8fPYod10z5_-C3SLTYf1mtieGZNXDaXHlhAM51e0dJ9MP4zging4fsenXaKkeOaeVUwTTCKSoMR5Au0xvIpxMWDm3ePURCYSN2bPmaB_1GRccvNyBaqriajV8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOliW3NH2_oKEA4AKAZgLAcgLAYAMAaoNAkRF4g0TCOjI0vb-goQDFV7hEQgde28GObATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPAAvHhf_kd2E9nyUpDAo6UVNAX0iSHysGEAby9LGxs5p26a1B3L2KpBaV38YW-0JeAZCDnDt5oJCldQSQhgB%26sig%3DAOD64_0zoeb4n9dEeK0dVZjteZDoNFkVoQ%26client%3Dca-pub-4875329658179347%26dbm_c%3DAKAmf-AeJFEQP0w2jpL8oNrjKEnYwvunndiQ_BmcfCWSprw-kZsCiiJ2rrzxRVfmz-WKbcXegOnkuuSTpcUfOPsaz32bOXUqhvksPZO7mYNta3rUYgolTx0aP-F1x1Cw5W2WNNHq-vPYNPtyMgiWK2A7z7ZbvcrXXpa0hnSZDvls-UJbUeyjlx8%26cry%3D1%26dbm_d%3DAKAmf-BP3XPel0omQHrn90DdM1IN_yqJmIEU7uYGbcyUjMZOf8FSDCovu1sDMGQ0E0ITVHu2t96gv8tpJAOpNMsCkXZIIVtkaomoc3yWGniUyaNbAihALQnfTm58_dt_W8ldFYZqFDQXd4ThUIrhNjwfFMDa2L7UThMMT5bVnT8C2wRoPCfrEAGuJNqX8hTbFlSzKGTJLxI1jFlmJa-Z9zKjUnnKKFArM9x1mWSerCgvi7B96CGrBQdHjalu64bJSiTr-CkyswXUdrzN2oTS2j9tkzSC-Fw8pSq1BCGlYp1lTGt-ceHuUp4CR_F7s_KsQ67q7wxgLMxAGsLtPqjZeBNkc9ROBX4vBKQMDJfvfnl7Sh87EPBiNMULVDeynffVZvpCO7kjzUf6M_dKW5jmi7BLnE7OWJt4PkEV6afwj0WPUrSrcD4vztDffFqlIRFxMUb6YHqkUhRl4jjndz3TDHupq6e9u2vDcgyMdZDi8mtCo_Shn4X_0eS59HtERrQuq4Xhj7uTMcATOgzf8PSih5f1G-vTXbGpVNrgv0zkRGscUlAkeL363MnMDBcHmUEhdwvZng_cFD9r%26adurl%3D&documentReferer=https%3A%2F%2Fwww.theatreinchicago.com%2F&ancestorOrigins=https%3A%2F%2Fwww.theatreinchicago.com&random=2823890324127&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript; charset=utf-8
date: Mon, 29 Jan 2024 16:13:59 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
vary: Origin

GET
H2

200

htlp Show response
futalis.de/ Frame 061A
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=86967400146308304444556012584016&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3496459219

350 B
401 B

62ms
16ms

Document
text/html

49.12.16.151
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3496459219
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=ca67bc7a41&subid=&uid=6fa1b547405a51d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCCCGYxc63ZaeHN97Cx_AP-96ZyAOm5b2gaZ2cnKfJD_AuEAEgsIypBmCV4pCCoAfIAQmpAiyU_HG8KLI-qAMByAObBKoE_gFP0Plk2Qs0nKeLNcfuhQu1CCRF7p3JLNVcTFYjlslFO65zH4Wt75-Uk1f4UytWhNVchP-_O3r9AhCsTzYPHOBcqBV_d2yTqgtukJ1IDUtjhPAyeLcWRk1atCpPgIdNDG2OuqSkyDEFDzwG8JzmObMG8a28gGSlHX2Ypp05BX4VCruBSBz9bEgMD8SEETRagiUYNEVRVEqpVFqt4KKJaUYR3yfS-8fPYod10z5_-C3SLTYf1mtieGZNXDaXHlhAM51e0dJ9MP4zging4fsenXaKkeOaeVUwTTCKSoMR5Au0xvIpxMWDm3ePURCYSN2bPmaB_1GRccvNyBaqriajV8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOliW3NH2_oKEA4AKAZgLAcgLAYAMAaoNAkRF4g0TCOjI0vb-goQDFV7hEQgde28GObATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPAAvHhf_kd2E9nyUpDAo6UVNAX0iSHysGEAby9LGxs5p26a1B3L2KpBaV38YW-0JeAZCDnDt5oJCldQSQhgB%26sig%3DAOD64_0zoeb4n9dEeK0dVZjteZDoNFkVoQ%26client%3Dca-pub-4875329658179347%26dbm_c%3DAKAmf-AeJFEQP0w2jpL8oNrjKEnYwvunndiQ_BmcfCWSprw-kZsCiiJ2rrzxRVfmz-WKbcXegOnkuuSTpcUfOPsaz32bOXUqhvksPZO7mYNta3rUYgolTx0aP-F1x1Cw5W2WNNHq-vPYNPtyMgiWK2A7z7ZbvcrXXpa0hnSZDvls-UJbUeyjlx8%26cry%3D1%26dbm_d%3DAKAmf-BP3XPel0omQHrn90DdM1IN_yqJmIEU7uYGbcyUjMZOf8FSDCovu1sDMGQ0E0ITVHu2t96gv8tpJAOpNMsCkXZIIVtkaomoc3yWGniUyaNbAihALQnfTm58_dt_W8ldFYZqFDQXd4ThUIrhNjwfFMDa2L7UThMMT5bVnT8C2wRoPCfrEAGuJNqX8hTbFlSzKGTJLxI1jFlmJa-Z9zKjUnnKKFArM9x1mWSerCgvi7B96CGrBQdHjalu64bJSiTr-CkyswXUdrzN2oTS2j9tkzSC-Fw8pSq1BCGlYp1lTGt-ceHuUp4CR_F7s_KsQ67q7wxgLMxAGsLtPqjZeBNkc9ROBX4vBKQMDJfvfnl7Sh87EPBiNMULVDeynffVZvpCO7kjzUf6M_dKW5jmi7BLnE7OWJt4PkEV6afwj0WPUrSrcD4vztDffFqlIRFxMUb6YHqkUhRl4jjndz3TDHupq6e9u2vDcgyMdZDi8mtCo_Shn4X_0eS59HtERrQuq4Xhj7uTMcATOgzf8PSih5f1G-vTXbGpVNrgv0zkRGscUlAkeL363MnMDBcHmUEhdwvZng_cFD9r%26adurl%3D&documentReferer=https%3A%2F%2Fwww.theatreinchicago.com%2F&ancestorOrigins=https%3A%2F%2Fwww.theatreinchicago.com&random=2823890324127&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-1.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Mon, 29 Jan 2024 16:13:58 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3496459219
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2

200

activityi;dc_pre=CNK_tvf-goQDFdLp9gIdLawMEA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7538777579399.405 Show response
5994599.fls.doubleclick.net/ Frame 10A1
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7538777579399.405?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CNK_tvf-goQDFdLp9gIdLawMEA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7538777579399.405?

2 KB
1 KB

157ms
156ms

Document
text/html

142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CNK_tvf-goQDFdLp9gIdLawMEA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7538777579399.405?

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f6.1e100.net

Software

cafe /

Resource Hash

a18f6716c98468c92091f6d35cc43722c5ab981bf8711820d04e6407e1614a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 906
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 16:13:59 GMT
expires: Mon, 29 Jan 2024 16:13:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 16:13:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNK_tvf-goQDFdLp9gIdLawMEA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7538777579399.405?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900016.redintelligence.net/ Frame A2BA 7 KB
2 KB 33ms
12ms Document
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request_content.php?s=86967400146308304444556012584016&a=68e80ed9
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=ca67bc7a41&subid=&uid=6fa1b547405a51d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCCCGYxc63ZaeHN97Cx_AP-96ZyAOm5b2gaZ2cnKfJD_AuEAEgsIypBmCV4pCCoAfIAQmpAiyU_HG8KLI-qAMByAObBKoE_gFP0Plk2Qs0nKeLNcfuhQu1CCRF7p3JLNVcTFYjlslFO65zH4Wt75-Uk1f4UytWhNVchP-_O3r9AhCsTzYPHOBcqBV_d2yTqgtukJ1IDUtjhPAyeLcWRk1atCpPgIdNDG2OuqSkyDEFDzwG8JzmObMG8a28gGSlHX2Ypp05BX4VCruBSBz9bEgMD8SEETRagiUYNEVRVEqpVFqt4KKJaUYR3yfS-8fPYod10z5_-C3SLTYf1mtieGZNXDaXHlhAM51e0dJ9MP4zging4fsenXaKkeOaeVUwTTCKSoMR5Au0xvIpxMWDm3ePURCYSN2bPmaB_1GRccvNyBaqriajV8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOliW3NH2_oKEA4AKAZgLAcgLAYAMAaoNAkRF4g0TCOjI0vb-goQDFV7hEQgde28GObATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPAAvHhf_kd2E9nyUpDAo6UVNAX0iSHysGEAby9LGxs5p26a1B3L2KpBaV38YW-0JeAZCDnDt5oJCldQSQhgB%26sig%3DAOD64_0zoeb4n9dEeK0dVZjteZDoNFkVoQ%26client%3Dca-pub-4875329658179347%26dbm_c%3DAKAmf-AeJFEQP0w2jpL8oNrjKEnYwvunndiQ_BmcfCWSprw-kZsCiiJ2rrzxRVfmz-WKbcXegOnkuuSTpcUfOPsaz32bOXUqhvksPZO7mYNta3rUYgolTx0aP-F1x1Cw5W2WNNHq-vPYNPtyMgiWK2A7z7ZbvcrXXpa0hnSZDvls-UJbUeyjlx8%26cry%3D1%26dbm_d%3DAKAmf-BP3XPel0omQHrn90DdM1IN_yqJmIEU7uYGbcyUjMZOf8FSDCovu1sDMGQ0E0ITVHu2t96gv8tpJAOpNMsCkXZIIVtkaomoc3yWGniUyaNbAihALQnfTm58_dt_W8ldFYZqFDQXd4ThUIrhNjwfFMDa2L7UThMMT5bVnT8C2wRoPCfrEAGuJNqX8hTbFlSzKGTJLxI1jFlmJa-Z9zKjUnnKKFArM9x1mWSerCgvi7B96CGrBQdHjalu64bJSiTr-CkyswXUdrzN2oTS2j9tkzSC-Fw8pSq1BCGlYp1lTGt-ceHuUp4CR_F7s_KsQ67q7wxgLMxAGsLtPqjZeBNkc9ROBX4vBKQMDJfvfnl7Sh87EPBiNMULVDeynffVZvpCO7kjzUf6M_dKW5jmi7BLnE7OWJt4PkEV6afwj0WPUrSrcD4vztDffFqlIRFxMUb6YHqkUhRl4jjndz3TDHupq6e9u2vDcgyMdZDi8mtCo_Shn4X_0eS59HtERrQuq4Xhj7uTMcATOgzf8PSih5f1G-vTXbGpVNrgv0zkRGscUlAkeL363MnMDBcHmUEhdwvZng_cFD9r%26adurl%3D&documentReferer=https%3A%2F%2Fwww.theatreinchicago.com%2F&ancestorOrigins=https%3A%2F%2Fwww.theatreinchicago.com&random=2823890324127&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 5755d76cf8eeb03fe52f7240a36a8fe311aa40778d3428dd1c2ef0b03ea3a530

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2050
Content-Type: text/html; charset=utf-8
Date: Mon, 29 Jan 2024 16:13:58 GMT
Expires: Mon, 29 Jan 2024 16:13:58 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 7A74 43 B
705 B 134ms
93ms Image
image/gif 92.123.148.9
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2874697&v=22610&q=408799&r=296283&pref1=86967400146308304444556012584016&pv=1

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.148.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-148-9.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Jan 2024 16:13:59 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2

200

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 7A74
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=86967400146308304444556012584016&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=86967400146308304444556012584016&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
360 B

24ms
24ms

Image
image/gif

91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=86967400146308304444556012584016&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:59 GMT
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 43
proxy-host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=86967400146308304444556012584016&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Mon, 29 Jan 2024 16:13:58 GMT
server: nginx
content-length: 138
content-type: text/html

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 21C2 1 KB
643 B 51ms
50ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 25228
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jan 2024 09:13:30 GMT
etag: 48472445140208031
expires: Tue, 30 Jan 2024 09:13:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7A74 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6f0b598df835487016d838afb7b9b35e5d94d43cac047905cd8b0645db76287

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame A2BA 5 KB
682 B 61ms
60ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=86967400146308304444556012584016&a=68e80ed9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 29 Jan 2024 16:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 29 Jan 2024 15:54:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Jan 2024 16:13:59 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame A2BA 27 KB
27 KB 34ms
12ms Image
image/png 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/59171/creativesup/vega-1200x627.jpg
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=86967400146308304444556012584016&a=68e80ed9
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 Lutzingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: d7fed405340f6bd8f2c66c99a9c60051a98e5938a56f17f9c0bc0c9b9795ba4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 29 Jan 2024 16:13:59 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 27271
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame A2BA 27 KB
27 KB 35ms
13ms Image
image/png 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=86967400146308304444556012584016&a=68e80ed9
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 Lutzingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 9884ce2d33f1941b6d06cdbb288c3caf421f2be3870831ef2f48dca6061f5471

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 29 Jan 2024 16:13:59 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 27708
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame A2BA 20 KB
20 KB 35ms
14ms Image
image/png 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=86967400146308304444556012584016&a=68e80ed9
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 Lutzingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 9e0c5c7c994e9239e1c893780b86d08c99428c122b615b6bd8ca21b2fc694a49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 29 Jan 2024 16:13:59 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 20629
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 21C2 70 B
149 B 194ms
32ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEEuK1iGQ5rXh9d-AXSiICPc&google_cver=1&google_push=AXcoOmT5OJeZmT39Y2Mff2PgoVKIDhVexTExMGs4QbUigGdw6T2Zwf4-waxvov9JLeRJPEpcRzuk1ZB1KRlgTALKh-7HBK_KT7C0LlCI
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:59 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 21C2 0
187 B 60ms
14ms Image
text/plain 98.98.134.243
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESENSIFfr4i_XqBd0vy70oEd8&google_cver=1&google_push=AXcoOmTZSwnbckjso97Dbayj6xeZk6S99Cg9XhPwXh-qzk1sexV4YjiufaNdM41V8hPuZlj0mKQaemDguoFD3Cnp_qyHQtgltJHYR6g
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 98.98.134.243 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: A /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 21C2
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEFcARgSOE0_dag73GKIiGWE&google_cver=1&google_push=AXcoOmTPeaQg97EcKywOGVM7B8XutByWz8WIRKrDJsa0YnEKrwwi7uznbWWu3rSAvsh90PJDKKoDL9mqm9FBgfQp...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-SAFCjm1Sj4RJbLUV8LlNg&google_push=AXcoOmTPeaQg97EcKywOGVM7B8XutByWz8WIRKrDJsa0YnEKrwwi7uznbWWu3rSAvsh90PJDKKoDL9mqm9FBgfQpeX6Rkj7wym0cd2U

170 B
188 B

45ms
45ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-SAFCjm1Sj4RJbLUV8LlNg&google_push=AXcoOmTPeaQg97EcKywOGVM7B8XutByWz8WIRKrDJsa0YnEKrwwi7uznbWWu3rSAvsh90PJDKKoDL9mqm9FBgfQpeX6Rkj7wym0cd2U

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 29 Jan 2024 16:13:59 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=-SAFCjm1Sj4RJbLUV8LlNg&google_push=AXcoOmTPeaQg97EcKywOGVM7B8XutByWz8WIRKrDJsa0YnEKrwwi7uznbWWu3rSAvsh90PJDKKoDL9mqm9FBgfQpeX6Rkj7wym0cd2U
x-host: tde-deliveryengine-production-84477bf6c-fth7t
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 21C2 43 B
235 B 18ms
17ms Image
image/gif 35.214.149.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIbMLE_tIMPdXbDSFwItcTY&google_cver=1&google_push=AXcoOmSzaC8h7PiEjXzaU1gsX9OjURTNy8Nh8pS9W54duJGisqgoUXJt_2XhBD9hIdhwG_6My2r2ad1P9Flcht7OUqcUSzFH-X9lD3A
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS: 91.149.214.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 29 Jan 2024 16:13:59 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 21C2
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFkxoI8bqtwRJx6aownOfDA&google_cver=1&google_push=AXcoOmR8TGs-47XPG2YOhJfad7aytSvhnmKdfCr2sAzRVA59Jr7kcG3yf7ok8U2kDwm8ZxLx8WnOHmQH...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQxMjYyOTkyMTU1NDE3Mjg3OA&google_push=AXcoOmR8TGs-47XPG2YOhJfad7aytSvhnmKdfCr2sAzRVA59Jr7kcG3yf7ok8U2kDwm8ZxLx8WnOHm...

170 B
188 B

45ms
45ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQxMjYyOTkyMTU1NDE3Mjg3OA&google_push=AXcoOmR8TGs-47XPG2YOhJfad7aytSvhnmKdfCr2sAzRVA59Jr7kcG3yf7ok8U2kDwm8ZxLx8WnOHmQHLRE6TRmrGUBivKgPDWVZXcO0

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQxMjYyOTkyMTU1NDE3Mjg3OA&google_push=AXcoOmR8TGs-47XPG2YOhJfad7aytSvhnmKdfCr2sAzRVA59Jr7kcG3yf7ok8U2kDwm8ZxLx8WnOHmQHLRE6TRmrGUBivKgPDWVZXcO0
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 21C2 43 B
363 B 51ms
15ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQiywqafEA2KC5nYHJI6GWjVwHo3W8uPRMxKFjI4uIKU93jbdNSbVoKEzqFygYVOonHiW-QCa1aLV9h52WtD_JbtroP4SBRPfJG&google_gid=CAESEPAvpJMJvfZNTkQzyiJAQhw&google_cver=1

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:58 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 235039
expires: Mon, 29 Jan 2024 00:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 21C2 42 B
204 B 56ms
20ms Image
image/gif 34.160.236.64
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEJPPby3-FAsL9HSEf74HNho&google_push=AXcoOmRMrWOqCS81TTJmQjx4PDspBI6bfbyxAn0g-TkH_KtHgtE0Yt8pmzFD9hXsU3T_XrnoI2Qcn13TsA4Ksn_X1hIBL6Pk3YHtPteu&google_cver=1
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.236.64 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 64.236.160.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:59 GMT
via: 1.1 google
last-modified: Thu, 19 Oct 2023 06:07:48 GMT
server: nginx
etag: "6530c7b4-2a"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 21C2 0
12 B 44ms
43ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lb97JovL366aFwTtKNTx0d-OgcDkkzEXjCp3I7Jrumcz6h_sBzvRl8-rNOuPtNjgJQGr28

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 bg.jpg
s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/ Frame 5F45 44 KB
44 KB 53ms
52ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/bg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2aa774d67c4ddb23c4a776253b85cfc6e90ece3c39208e0c849d9a3d0c764676

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Sat, 25 Jan 2025 01:05:30 GMT
date: Fri, 26 Jan 2024 01:05:30 GMT
x-content-type-options: nosniff
age: 313709
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44838
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 08:16:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 text1a.png
s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/ Frame 5F45 1 KB
1 KB 51ms
51ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/text1a.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09ada055514547f02f36a5aa9d563eac424a648da220089d4e22bd7b1183f5c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 28 Jan 2025 16:01:18 GMT
date: Mon, 29 Jan 2024 16:01:18 GMT
x-content-type-options: nosniff
age: 761
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1241
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 08:16:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 text1b.png
s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/ Frame 5F45 1 KB
1 KB 73ms
72ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/text1b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f66dd2ae2b11df82e04551d723cb41e49182c3717c6079d22b59ef2da492693

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 28 Jan 2025 16:05:54 GMT
date: Mon, 29 Jan 2024 16:05:54 GMT
x-content-type-options: nosniff
age: 485
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1188
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 08:16:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 text1c.png
s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/ Frame 5F45 990 B
1018 B 74ms
73ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/text1c.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

506e6914d788c14e1cbf2827e3ff8517babd7f3ba8971f10b59b29f2580093aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 22 Jan 2025 15:25:10 GMT
date: Tue, 23 Jan 2024 15:25:10 GMT
x-content-type-options: nosniff
age: 521329
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 990
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 08:16:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 text1d.png
s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/ Frame 5F45 1 KB
1 KB 75ms
75ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/text1d.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

811f65a186d4c9c08fd959619ca7734d5b05b98c0f70adfd7e2038826103b4b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 22 Jan 2025 08:49:51 GMT
date: Tue, 23 Jan 2024 08:49:51 GMT
x-content-type-options: nosniff
age: 545048
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1151
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 08:16:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 text1e.png
s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/ Frame 5F45 1 KB
1 KB 122ms
122ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/text1e.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a37dce7f31939a26dd8d69fe60973b638cb63cbdf943b7d06448212ce28ceb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 28 Jan 2025 08:40:41 GMT
date: Mon, 29 Jan 2024 08:40:41 GMT
x-content-type-options: nosniff
age: 27198
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1138
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 08:16:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 text1f.png
s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/ Frame 5F45 1 KB
2 KB 127ms
126ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/text1f.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ba376d86abfce3baa4cc9deefa9d84d92ea6492d3f84c5719f1fbcc864c7464

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 28 Jan 2025 08:47:56 GMT
date: Mon, 29 Jan 2024 08:47:56 GMT
x-content-type-options: nosniff
age: 26763
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1532
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 08:16:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 text1g.png
s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/ Frame 5F45 1 KB
1 KB 123ms
123ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/text1g.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e656a85a9388067424ff6ffbaec403df44b49c20b9d771fef6724ef0d3bfca9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 22 Jan 2025 23:44:52 GMT
date: Tue, 23 Jan 2024 23:44:52 GMT
x-content-type-options: nosniff
age: 491347
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1093
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 08:16:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/ Frame 5F45 2 KB
2 KB 125ms
124ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8fc613fa1d633bee317a42d0f254d687b7af02788b378fc3e8ac3b1741ceccf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 22 Jan 2025 23:02:59 GMT
date: Tue, 23 Jan 2024 23:02:59 GMT
x-content-type-options: nosniff
age: 493860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1806
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 08:16:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/ Frame 5F45 2 KB
2 KB 128ms
127ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/img/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5899725f342c0656cf8be10c77670ef42446d9cc15b854e32281f979cc9608ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 22 Jan 2025 23:02:59 GMT
date: Tue, 23 Jan 2024 23:02:59 GMT
x-content-type-options: nosniff
age: 493860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1591
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 08:16:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 tweenmax_1.19.0_643d6911392a3398cb1607993edabfa7_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 5F45 109 KB
37 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.19.0_643d6911392a3398cb1607993edabfa7_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36c0ec05d79bd9d3164effc3eca0f1962cd6f82bb1f41cb212e080910be24153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13894780418547388753/120x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37530
x-xss-protection: 0
last-modified: Tue, 06 Sep 2016 20:51:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 29 Jan 2024 16:13:59 GMT

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 061A 5 KB
5 KB 10ms
10ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3496459219
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:59 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B012 43 B
215 B 102ms
102ms Image
image/gif 2600:1f18:1aca:4281:7fa5:c934:6539:afca
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1893484&asId=cc6f83e7-81f9-60ab-10ee-a086f61ffb9c&tv=%7Bc:2HV1CJ,time:635,type:e,im:%7Bpci:%7Btdr:508%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:635,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B628~0%5D,as:%5B628~120.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:111,fm:u2LKe8G+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191*.1893484-77291975%7C1911%7C1a%7C1b%7C1c,idMap:191*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:20,sis:182%7D&br=c
Requested by: Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:7fa5:c934:6539:afca Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
server: nginx
x-server-name: dt25.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 259ms
259ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401230101&jk=2633222901932391&bg=!s7ClsP_NAAa8BdJLnAU7ADQBe5WfONA3mQvDlMnDKQbDc1gQcRKWAR-hAs2L-SpTlTwhXscZUasiqHeW10tteUSbsQxpAgAAAC9SAAAAAmgBBwoAtLZyAN3vdTHrKhZtc7EGt6fkBC6EtXBaJMvVl4BxVyy5ctgf9AJL8bN5oZ17zZ_5sy4vvhMhTq2vDCOriYJXmfgGBOvFzSUbn9m0JdVuow4T4IyECkwOdSZSUowBNhsf3TvjjyYVo4K5-NUfMcTKHdBuD99k75ke0P2ZxjRdh6ffBTnheKp68xRTNjoctuMT3ZOW81ROAkgDJJ3gAk3czG-7w25dUgYxv7W_Q3n-xau_jalyJpkCw65p9zg6jlr6yShj8c1wYXeeVtxgUot_O3ukwbLQMZ34gxACMCcU9SYbP4DlbjBtaItyhPgp8QfaPoGBakK6YTnSAKXaCp7CbH8OyOJqfnRueT3mjhK1FyAsVU7F6ugUbvlThd2tHY5h7ISHJ_Nm1ppAMBQtq3oO_UY5UTNFT5_p0WyzWS8602lqvWKoMTmqqGVUAvH0LR6RfSKi6Kbnr30g7pQjUOg1rKAhZFTjpyPdlKJc-OCJqff2dis17g8GhEe1bJ2ZtNOjFHzaeFj6tSap1gH9IkyZNO05P340NtDapS4nVDi7jdr4PZ84qjwkoWfV3ugiLN86m0QuGc6TbZtoVu38wlH17pSgMqWxmwELVkmDut1LuTYlItgN8qAS28i4zBiowP7Yh4fJJwyx9-WbhUwj2lhryT7EjezF3e-yZCjXzBgULObVkIMp9UZPjzjsEFBmtwuv9t6e6TsBVNJ5ujUwKAEQngmbwIM0hkWZqv3UlWjLnoVS6AZFHO1ai32-CaSm9NZR0SfbCJK5YYjrDGDQyFtzsgUz04rDoWThX-cLB-jUiDYLxAaMupx6D-xp7Q1s20AdxGst-KCMiApB1QPmaMAIU3nrx0I0kYnotdIWkaZC7XofA5B-cB6C_xftNTBshVmWuPkC4tX7Jwh1FRi0YgLjpHrifmErnrvIdoIHV8_1f4qu95aYrBpXDMcyjz2NTfWDbe9i4Hi8ExLw2BOuKSyzQTpFt_6Xwx_0pT1T3QuBwJte0ibhqBfLM6HrCF1Q-9o_3arHGVO1CRGpqXSlDtq8X_k1tgxAVpUNTfMKPGmTwnMOzS4Ol07dIMR7mj2tZgccYPH2PUOaqFJyvctV4j8hQVQ-3M4H9n_cnL75i2YaWj6odiGe4l2GltF_ZMNhM0q3CL3mXUg04_0L9Q9OmZRH8YtqyMK-nEjtgqX9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H/1.1 200
OK viewability Show response
hal900016.redintelligence.net/ Frame A2BA 0
150 B 33ms
12ms Script
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/viewability?s=86967400146308304444556012584016&a=0b183dbe&vb=m
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=86967400146308304444556012584016&a=68e80ed9
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900016.redintelligence.net/request_content.php?s=86967400146308304444556012584016&a=68e80ed9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 29 Jan 2024 16:13:59 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A4C6 0
20 B 259ms
259ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Blbjkxs63Zc-pKLTSjuwPsLeD8A8AAAAAOAHgBAI&bg=!8fKl8r3NAAa8BdJLnAU7ADQBe5WfOLH6GFibuUSVktvuZ1bue55uLDmnJjfdGMsvQWEr7PP-ULIeTrYVFD2zJ9PdHlQLAgAAAHBSAAAAAmgBBwoAAxQfKZkDHwZHpSQyji_Wmwj8pjgWGknqtyKUOz7V_sIjNuraaoMpE0ZYAQBQmdiLX8odlaLBb83Ogs4HmtZfN7qioDk2m_cZ970VEU_u8zyH2WGKbJ4MgdSeuw1-PoH9ummdoXSAQXJWxYYLa4Lpw1oZejhuOX70PQRxQcIpgB7UjL_OqQZkLxUHJSEXuBJxGUc4ntaypSTT1WnRJ84akWtOZ76-2S_Xrici_fWRt8Lp43PvmiGak_lhhCyb523Er99LYV01g12CrqzT3T7UfzPSptOxAFxeqZjiyEzQ8TcceqYhJZvR4SwXDAxVtTlX2UywVOBZ3RFM82mubzoUylSrgvv_EF2EEw4f57Pu6_vjAib6KXeK8bHo2J5bsTFClW1mD73dRLJgGy3NlsqRyGkAQqsVsKxFYom9HQyUsDHUQa6kwQd3hKfhr20I1ZrWdUW2L4Z2Xvl3ezNOGaXlZGh-vN5mocWwJm1oJoJqnLUHEY3eoz3qub5GPBIji9iUxFGlAnEJ21M1zaNZHRNKAzIghF4v9W5Hm0R16UjroUKWflDxPpzL3CZ8Vara8lNsRKOTVUSUEg81IFSo92lDISGp4gzNs3lswqp81HPxTFaEX4np6zBmz2wTlxctQ-TyDgEFihBzFo2xj86JOUAK11ufvOdbrgdezlli2EeKWVoV2u3fOTG1MfTXZE-uXzRQuaHRyDEt-TYhLJNq0GoNQWnvg7VWPeMMDHsIGPX5UJtapUBoZ2wlqmMBZqgmSDUuyMN42BNw8W7iSFRDVYcG9yHuh1bqb55JpF8jwknMBJMPQE-9QCoL2pxYEOpcS6tPO3FqDy3EI0jHAXVGnkR9fg2g3cuje9TxnEocNejtROT5pAtbDjUvUdnRBrqLXSKtIz-R9WKOkadsOCyoKx1aFTOQRWzsGKZUY84EBGVBHGmGgvToyRxqnMIDWpHfbM9CWpnXy8J0ICskSebYc_ikBLIN1J88NKvQ-FzMVsr48vsmBkJEswtFJHKWxQxigv93GidimXLdcN2bL1QsJUtG2fal1jsvID0FtoX9RM8IREHz6oksQqE

Requested by

Host: 40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
URL: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame A2BA 14 KB
15 KB 51ms
51ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900016.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 23:27:00 GMT
x-content-type-options: nosniff
age: 492419
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:27:00 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame A2BA 15 KB
15 KB 53ms
52ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900016.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 11:28:26 GMT
x-content-type-options: nosniff
age: 17133
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Jan 2025 11:28:26 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame B012 0
0 72ms
71ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsspsAGrZfPmIj7zVVNv0_sTBzIPaG4uGUEhiABpFIZM1qLC4vRCiKTQ894CBvoRGitAuoXdQiIqytkLon46m-vK8uebislaZ5UMPGyXB0Sx8USzM7CLy2kFrM3oEPhmKMcIU6h7JBvR1udFhZ__bHrDiodfM73HhOuOgX5M6g5go1XwPojLzIfc3ScxRka_OTc5eiXW9yUnfuzagKzztxo97tJtPQlVKcd00A&sai=AMfl-YSu4dNSb2v3qjxC8ZUekfDBFLBYUsl7s4aawyg-FgYxe-BgWxbQEfmc0Bf75K96PZzjS-YqkweSRU2m2Ayb9b_Cx7nY9vAzEyk2wWzoJemaTaz7LnsE0KoS_rKMXbrOqTU9L7LSdqQzyW8h3w&sig=Cg0ArKJSzC7MaN4gM7hDEAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9uZXNwcmVzc28uY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=584&vt=11&dtpt=309&dett=3&cstd=273&cisv=r20240122.91273&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 16:13:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B012 43 B
215 B 103ms
102ms Image
image/gif 2600:1f18:1aca:4281:7fa5:c934:6539:afca
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1893484&asId=cc6f83e7-81f9-60ab-10ee-a086f61ffb9c&tv=%7Bc:2HV1Ff,time:791,type:e,im:%7BpLoad:765%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:791,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B784~0%5D,as:%5B784~120.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:104,fm:u2LKe8G+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191*.1893484-77291975%7C1911%7C1a%7C1b%7C1c,idMap:191*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:20,sis:182%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:7fa5:c934:6539:afca Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dc_pre=CNK_tvf-goQDFdLp9gIdLawMEA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7538777579399.405
adservice.google.com/ddm/fls/z/ Frame 10A1 42 B
401 B 316ms
205ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNK_tvf-goQDFdLp9gIdLawMEA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7538777579399.405

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CNK_tvf-goQDFdLp9gIdLawMEA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7538777579399.405?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDU5OTQ1OTkKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2dvb2dsZXN5bmRpY2F0aW9uLmNvbSIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IENPTlZFUlNJT04K...
ad.doubleclick.net/ddm/activity/ Frame 10A1 0
22 B 188ms
187ms Image
image/png 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDU5OTQ1OTkKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2dvb2dsZXN5bmRpY2F0aW9uLmNvbSIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IENPTlZFUlNJT04KZGVidWdfa2V5OiA2NDU3OTkxNTcxMzIwOTk5MjMyCmN0Y19jb252ZXJzaW9uX2J1Y2tldDogNQphcmNoZXR5cGVfaWQ6IDEKYXJjaGV0eXBlX2lkOiAzCmFyY2hldHlwZV9pZDogNAphcmNoZXR5cGVfaWQ6IDUKYXJjaGV0eXBlX2lkOiA2CmFyY2hldHlwZV9pZDogNwphcmNoZXR5cGVfaWQ6IDgKYXJjaGV0eXBlX2lkOiA5CmFyY2hldHlwZV9pZDogMTAKYXJjaGV0eXBlX2lkOiAxMQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFyY2hldHlwZV9pZDogMTYKYXJjaGV0eXBlX2lkOiAxNwphcmNoZXR5cGVfaWQ6IDE4CmFyY2hldHlwZV9pZDogMTkKYXJjaGV0eXBlX2lkOiAyMAphcmNoZXR5cGVfaWQ6IDIxCmNvbnZlcnNpb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IENPTlZFUlNJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQUNUSVZJVFlfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDYwMzI2NjkKICB9Cn0KY29udmVyc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogQ09OVkVSU0lPTl9ESU1FTlNJT05fQ09OVkVSU0lPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjQtMDEtMjkiCiAgfQp9CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA1NzA0MjUzNDQKZ2NsaWQ6ICIiCnRyaWdnZXJfZGVkdXBsaWNhdGlvbl9rZXk6IDExODkzNTkyNzUyODk1NjkzODI2Cg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"11893592752895693826"}],"aggregatable_trigger_data":[{"filters":{"14":["6032669"]},"key_piece":"0xd0a2ff25b4bd19d3","source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"key_piece":"0x5593073df5835d29","not_filters":{"14":["6032669"]},"source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"filters":{"14":["6032669"]},"key_piece":"0xb8653bc1abe028a0","source_keys":["12","13","14","15","16","17","18","19","20","21"]},{"key_piece":"0x4138205ca9de26b2","not_filters":{"14":["6032669"]},"source_keys":["12","13","14","15","16","17","18","19","20","21"]}],"aggregatable_values":{"1":327,"10":327,"11":5570,"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"3":327,"4":327,"5":5570,"6":327,"7":327,"8":5570,"9":327},"debug_key":"6457991571320999232","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"11893592752895693826","filters":{"14":["6032669"],"source_type":["event"]},"priority":"10","trigger_data":"1"},{"deduplication_key":"11893592752895693826","filters":{"14":["6032669"],"source_type":["navigation"]},"priority":"10","trigger_data":"6"},{"deduplication_key":"11893592752895693826","filters":{"source_type":["event"]},"priority":"0","trigger_data":"0"},{"deduplication_key":"11893592752895693826","filters":{"source_type":["navigation"]},"priority":"0","trigger_data":"7"}],"filters":{"8":["5994599"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B012 42 B
64 B 268ms
268ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvtmOYXeED_FB8xWgHTAGCUzaSXg_BdAP6AWXNJESsk99IyPLUH4-axTb_mNyEMjG5ZeBCiecpb9JbP4Yc__Hvr5dqi2vxYSY8RhW0O_yHs_N4HiedmfcktMINNOvWJ5_TL9Mr3Wa4lY786ybR6YXYdMGEh&sai=AMfl-YT1BfaRnIsSl00kOP5WBRbk31UKL11eOuujrPZuK5wDf_rtj227boAfq9tvt9o1d7Fg9um775MuG7mcU0-By8e19i_Ykinyl8g_6hb8WxUva0G0BGXBJK3awybS&sig=Cg0ArKJSzLyLA7qbX2upEAE&cid=CAQSPAAvHhf_iRay-Hk5IvXtAJoyDT1ZJuxfvJmIcf8BbMtQ-mhOuUMEjBFB7aPBGbOKeHvWwsWamGt4aNyh1xgB&id=lidar2&mcvt=1000&p=0,0,600,120&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20240124&bin=7&avms=nio&bs=0,0&mc=0.63&if=1&vu=1&app=0&itpl=20&adk=2844659701&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=170654483800&rst=1706544838007&rpt=604&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:13:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B012 0
20 B 251ms
251ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1277831321794&version=m202309260101&ct=76&x=1&cor=6202049104245645000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:14:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7A74 0
20 B 252ms
252ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4142327989349&version=m202309260101&ct=77&x=1&cor=14319050516398428000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:14:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B012 43 B
215 B 102ms
102ms Image
image/gif 2600:1f18:1aca:4281:7fa5:c934:6539:afca
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1893484&asId=cc6f83e7-81f9-60ab-10ee-a086f61ffb9c&tv=%7Bc:2HV23x,pingTime:1,time:2297,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:120,h:600,t:19%7D,%7Bpiv:63,vs:pp,r:,t:1296%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:1296,n:0,pp:1001,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1289~0,1~50%5D,as:%5B1290~120.600%5D%7D%7D,%7Bsl:pp,t:1296,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:63,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~50%5D,as:%5B1000~120.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:105,fm:u2LKe8G+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191*.1893484-77291975%7C1911%7C1a%7C1b%7C1c,idMap:191*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:20,sis:182%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:7fa5:c934:6539:afca Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jan 2024 16:14:00 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Verdicts & Comments Add Verdict or Comment

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.theatreinchicago.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: e769e356528ca11b1752dfd92c589eff
www.theatreinchicago.com/	1970-01-21 03:38:24	Name: _omappvp Value: sgDmHEzOvtlW74NDaOs7NSatZ2TNFOtUqf8mGd5ZptUeooRHYuDKq4AEwtKOpGGFbsWNNEwBy2QL2Mnw4jXmoroi5htykYh0
www.theatreinchicago.com/	1970-01-20 18:02:26	Name: _omappvs Value: 1706544836809
.theatreinchicago.com/	1970-01-21 03:38:24	Name: _ga_5VT249Q4NT Value: GS1.1.1706544836.1.0.1706544836.0.0.0
.theatreinchicago.com/	1970-01-21 03:38:24	Name: _ga Value: GA1.1.71718979.1706544837
.theatreinchicago.com/	1970-01-21 03:38:24	Name: __utma Value: 200663403.71718979.1706544837.1706544837.1706544837.1
.theatreinchicago.com/	1969-12-31 23:59:59	Name: __utmc Value: 200663403
.theatreinchicago.com/	1970-01-20 22:25:12	Name: __utmz Value: 200663403.1706544837.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.theatreinchicago.com/	1970-01-20 18:02:25	Name: __utmt Value: 1
.theatreinchicago.com/	1970-01-20 18:02:26	Name: __utmb Value: 200663403.1.10.1706544837
.theatreinchicago.com/	1970-01-20 22:21:36	Name: __eoi Value: ID=b46683a43a8c96d2:T=1706544837:RT=1706544837:S=AA-Afjav4dXqC90Z_UIhvWItf42p
.adnxs.com/	1970-01-20 20:12:00	Name: XANDR_PANID Value: kNcy9qJDS5xFGmaMPXhh5UCCCYd4ClN7wgf4-TE8DPqxTkFn6GKt4IWMojo6k4mLMl5wZRnNDNKUHUkGfwwle1Vx_Ha6IOrhI9sjEPLe3Rk.
.adnxs.com/	1970-01-21 03:38:24	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:12:00	Name: uuid2 Value: 2770802557814231640
.casalemedia.com/	1970-01-21 02:48:00	Name: CMID Value: ZbfOxt3vq-fRbIvAfE1iPAAA
.casalemedia.com/	1970-01-20 20:12:00	Name: CMPS Value: 3251
.casalemedia.com/	1970-01-20 20:12:00	Name: CMPRO Value: 3251
.doubleclick.net/	1970-01-21 03:24:00	Name: IDE Value: AHWqTUmajFgyL1fs3mI8TUPNOgvB8bCGo7TeWFUHc1fWLGqNqN90m0xeo_tfP-Hcsso
.theatreinchicago.com/	1970-01-21 03:24:00	Name: __gads Value: ID=ad14130bcde8f132:T=1706544837:RT=1706544837:S=ALNI_MY3nnMMOHuSuHZNA8luWEc1RfE0Xg
.theatreinchicago.com/	1970-01-21 03:24:00	Name: __gpi Value: UID=00000d4c5e533265:T=1706544837:RT=1706544837:S=ALNI_Mags1J-vc0FykFtzlGmbYixuoOi9w
.doubleclick.net/	1970-01-20 22:21:36	Name: APC Value: AfxxVi7K-K2ApnifNVUQZJjyRv_olQw3lIi9TvbS9JDF0lexW3L90Q
.adnxs.com/	1970-01-20 20:12:00	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hb9Lk(_b!@wnfH8K6pQK`!5=E<L5?%K/6:_S47_c.5?LvHl[iiiiI!n^?wL@evjSp4bpRzqF1`*b^hx)piVM
.simpli.fi/	1970-01-21 02:49:27	Name: suid Value: 3B7AEDD6975341DC8CC6B353B7CD421B
.blismedia.com/	1970-01-21 02:48:04	Name: b Value: 65B7CEC65C770090C1465754BLIS
.travelaudience.com/	1970-01-21 03:34:05	Name: _tracker Value: %7B%22UUID%22%3A%22F920050A-39B5-4A3E-1125-B2D457C2E536%22%7D
.adform.net/	1970-01-20 18:47:03	Name: C Value: 1
.adform.net/	1970-01-20 19:28:48	Name: uid Value: 4412629921554172878
.redintelligence.net/	1970-01-20 20:12:00	Name: 8lcfmzhxc8d6_uid Value: 9e04833094c29386
.innovid.com/	1970-01-20 20:12:00	Name: uuid Value: 2368e622-1c8b-4624-9cd8-fb212bee86ec-20240129 11:13:58
.doubleclick.net/	1970-01-20 22:21:36	Name: receive-cookie-deprecation Value: 1
.retailads.net/	1970-01-20 18:45:36	Name: ppb2172 Value: 3496459219
.doubleclick.net/	1970-01-20 18:45:36	Name: ar_debug Value: 1
ads.travelaudience.com/	1970-01-21 03:34:05	Name: _tracker Value: %7B%22UUID%22%3A%22F920050A-39B5-4A3E-1125-B2D457C2E536%22%7D
.futalis.de/	1970-01-20 19:28:48	Name: raSIDb Value: 3496459219
.awin1.com/	1970-01-20 18:05:17	Name: awpv22610 Value: 296283\|1706544839\|68c01b50-bec1-11ee-8694-226555b1c0ac
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 408799:2874697
.tribalfusion.com/	1970-01-20 20:12:00	Name: ANON_ID Value: aKnt6ZaxNeTgBeZdwQyxT77LuPmfSajB0yVBk67G8arV3qYg3L5awGbMJavp27oUlabXSaiAqQDVFhxc0si6Zap6US7kn3v

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

40d76c8d88dc42724121d8cb34700e33.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
a.omappapi.com
a.tribalfusion.com
ad.doubleclick.net
ads.travelaudience.com
adservice.google.com
ag.innovid.com
api.omappapi.com
bid.g.doubleclick.net
c1.adform.net
cdn.retailads.net
cm.g.doubleclick.net
dis.criteo.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
fw.adsafeprotected.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900016.redintelligence.net
ib.adnxs.com
in.getclicky.com
match.adsrvr.org
maxcdn.bootstrapcdn.com
medialead.de
odr.mookie1.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pv.medialead.de
region1.google-analytics.com
s.tribalfusion.com
s0.2mdn.net
securepubads.g.doubleclick.net
ssl.google-analytics.com
static.adsafeprotected.com
static.getclicky.com
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
www.awin1.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.theatreinchicago.com
x.bidswitch.net
138.201.220.30
142.250.184.198
142.250.186.34
142.250.74.198
172.217.16.194
172.64.151.101
173.194.76.156
178.250.1.9
2001:4860:4802:32::36
2400:52e0:1e00::1080:1
2600:1f18:1aca:4281:7fa5:c934:6539:afca
2600:9000:26da:800:8:48e:53c0:93a1
2606:4700::6811:616c
2606:4700::6812:18ad
2606:4700::6812:bcf
2a00:1450:4001:802::2001
2a00:1450:4001:806::2002
2a00:1450:4001:809::2008
2a00:1450:4001:80e::2001
2a00:1450:4001:810::2002
2a00:1450:4001:813::2003
2a00:1450:4001:827::2003
2a00:1450:4001:828::2008
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2004
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:4001:830::2006
2a00:1450:4001:831::2002
2a01:4f8:d0a:2321::2
2a05:d01c:1d8:8102:1ffd:c1da:c0ec:deee
34.160.236.64
34.96.105.8
35.190.0.66
35.204.158.49
35.214.149.91
37.157.3.26
37.252.173.215
49.12.16.151
52.223.40.198
63.33.146.168
74.208.236.154
88.99.219.174
91.121.248.44
92.123.148.9
94.23.99.218
98.98.134.243
99.84.88.88
019b4a1fa52be349c3557c5404604f5510c0907722f77f59d3d61c1b940530e6
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
02393e6c4d1934612af95f1a84117b135af46278f78b97124eae6536bb5b20d9
09ada055514547f02f36a5aa9d563eac424a648da220089d4e22bd7b1183f5c2
0a37dce7f31939a26dd8d69fe60973b638cb63cbdf943b7d06448212ce28ceb8
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d6c2aa0a446364169fba9251e31da41e2f618a09e3cceae2fccd617508e372f
0eeb8b2025374b7e01734372458ddddedd9a97e0b9f9184ed5f2fd9d50d56f2e
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1550bce995a4397466ef53419df3990ac47fa6b4a95e25a40a2bf192ad6a6014
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
182645413d8e9ce24afe2a8f46f4b1a622934cc12b0b5b4f1c6a9146c47c6e9f
19179e033857b424a0fa75ddd2552a90ce462c5163991dcd7df07bde205fafef
19a1c36efb8f75a1c15da18bba067288f227949048b3260c0d75272b7dceeba6
1fcab795411fac2ef4fe726fc3ee3ad3192ff76a846fa3b28616b3b6e61fae83
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
20acf5d6867ff28c18e9ec81b2e3bd8e703b73e2024fc96768c0ce2a5ac6780e
2103160a4a69cd716695f0bcbdae2e299c299b1d4ba811f3d80a036dd2d10a51
21111013521ce045115ade20ed1b0ac09b102688f010ecf84bb7f3f53574456c
263c3a799ea39e2db3c3347bab23a9f98990d9d9633d2d8b833d8766c3dc2b36
2aa774d67c4ddb23c4a776253b85cfc6e90ece3c39208e0c849d9a3d0c764676
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ea24df9a3e1eb05c5927721b875ac55379cb6f3ed2f89561ddd1002fa99ef2d
3100d491b841fa14ff6e424f20fdf84f0c815af85644b26e333aedad86eb7b79
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3408d5e5a86185a87d27c4cfdf941c94f6474efca8a232089eca3debb9266b0a
35f76a9b54a670b0bf14d5b99e194e6fbbc0f0e49d3c0f68d3e3d05843c5a07c
369dc21fac21c57070a8d3ba87657c166c44d284c512410da2db19245ea3c5d0
36c0ec05d79bd9d3164effc3eca0f1962cd6f82bb1f41cb212e080910be24153
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
380f4d536d9bcc0a608b57bac77ce34c22b524df3ddb6810b52455b8b63ce3f2
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3a0a0663352bcb92d46f373306fd1605e5ddd78fbca826a3a70611f3d490d917
3eb84b1df931a67f1481860f0ebd3041fbe7568906df648e9cc031e9c514118d
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
46291117984b578ab68ae7574d182beaddde2288cce1ceeec1a475acd6b39ddb
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47374cb7d373f9a8450e1237c80bc5fe68c61fbf0cdf958df7a298143b7dd445
4b4b5ba280276a9c80c457ea4a51d078f7763d3f26ff216915785c66ad66241d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
506e6914d788c14e1cbf2827e3ff8517babd7f3ba8971f10b59b29f2580093aa
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
530f0af9970c002750d70bd61016078a0a4fca386f6bf7a98c920f62c3dfc509
5405f21fd05a73a76a85b2021b366df4dcd00dd93ad956d671776622ea5e1ffc
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56ab6b29646315f6b094297b45752ae23fe18430c8eb531edaa6297d917eb5f7
56b44659d9583275a2d1145b4a3d0beef693aa6b707d092b20950b364a2558f4
5755d76cf8eeb03fe52f7240a36a8fe311aa40778d3428dd1c2ef0b03ea3a530
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
5899725f342c0656cf8be10c77670ef42446d9cc15b854e32281f979cc9608ac
5c756ba00bc22ff5690e08fc74aa2c70cde9b692a4acb7ca813a9dc7168c27d5
5f2c9e2af5ff4789eaba871a2b33097559693f372faa89e8e0261f0eb9e442b6
5f66dd2ae2b11df82e04551d723cb41e49182c3717c6079d22b59ef2da492693
5fa42c1d96f1d20bb0a5c0f1468aba661ad4c3584dd51646a3bfb996e869b8dd
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63968bd2eb3010c82017befe42790225802cbf035d3168af76357ae85708bbfa
6507a044d207a767ec2971e891b149b58d6d32a6ee1b18068a6d6dd36bc5fa9a
690c1cdc3908a99cacc2877843aa77fb9550d2d9c5f112e7bf9a2f41964d05b1
6d3a32f31c668587a5991eef8ba6cd17efa14b2e7308801f561f912c3eeb0fdd
6d577844b42ad256496c0e45fce5e18da151d12204844b101cfad16efb2038de
6d5b0ff42e478355ee412261759985200234ff5accc6afff2981d633071a2c2e
6e656a85a9388067424ff6ffbaec403df44b49c20b9d771fef6724ef0d3bfca9
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7ba376d86abfce3baa4cc9deefa9d84d92ea6492d3f84c5719f1fbcc864c7464
7d5adf9978eb605d5ddfad21b29de133f842a9480ecda9aecb1a9c28e64ae1f5
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7e6a03429a1225371169b6e1f3eaec26237427900fd67dbccd4eb05ae4ff5dd6
811f65a186d4c9c08fd959619ca7734d5b05b98c0f70adfd7e2038826103b4b7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8424b8a3d195c1501a24371ab141becbb9c81ae93f7a86df80d63585683f47a6
85506787e85b4201c6cb65348b2f2584372d994197d872a63dfe28d434b2c870
8924cb9bc79b42579216aff2342c24ca4dcd3a22e7fcdb62be522eb4d7bb61ef
8ad9a6bcdc20b0bb29576b861332e7b11719bd11af68024d7676724574070f05
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d7293476de0d15a9417a6f896f642845e90a174c74455e095f5f9a69768b51c
8f927cd54d7ef0ffd667f6537f9a9f3ef56fd8f86b32c8dfd534c29da2f2242a
8fc613fa1d633bee317a42d0f254d687b7af02788b378fc3e8ac3b1741ceccf2
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
978277c7385002bbd8eca4f51d7bdac7424ef8c6d267066e36b018b25bf88f7a
9884ce2d33f1941b6d06cdbb288c3caf421f2be3870831ef2f48dca6061f5471
9967752be40cf2fb9d4a6ec9b1894681e10ff260fd3cf904599a24201a0181d9
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b077702c377419771a3cf67ccdd335f645802510dfe0f7084d75b16bde5bc91
9b9aca82552ad6ef81f135a8ed5ecf675ca6a968f1a4ad225826c573314b3da7
9baf8b2a2dec1dc0da57e3e933f38a0c9d5955442447d0614fe295bf5a806feb
9e0c5c7c994e9239e1c893780b86d08c99428c122b615b6bd8ca21b2fc694a49
9e71f66d54768bbd4a51ec580d6bbdbf59ca21f064348b68d31302552cd4a825
9ead719662d12d46e58484bd0b7a00cc267edf5a0df7c4d4e67978f29d1d33e6
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0746aee5a2b0032d3d664b8383d97bb3e1f0dce11ececfa1258072a704b1a72
a18f6716c98468c92091f6d35cc43722c5ab981bf8711820d04e6407e1614a43
a5593ee287dd4b1700d5da17311630731775218b9e980946477e185881b820dc
b0ea0869d15d52dff2b111b4943d3f440cf0985f233f5df2cf0ce6430ebca641
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1ff344c29dfe132c4d5663981d939562a86bed8413984f812c02a6a3bae80a4
b6f0b598df835487016d838afb7b9b35e5d94d43cac047905cd8b0645db76287
b83c2064543f24bdecc2d922bac6aec2cee41621332afe1d285bcea0d1a1733b
bd9343e493cd44c5213f0af31541550cfeaf0590f1f1998c0f1876c7746b4e43
c08b857e67f202ceb9d0fd96b256d6fd597229cc67c3596dc8d860d444032342
c110d3e795d9bcb956d5c9ef500d23c7e480a259519d383d5c626293ee413815
c37f897fce50c0cd6aac3271ded472f6abb76d1e5a98e5a40844753bba2ae5ce
c4fbf61bcc8a017d5d9cd2d95105bf88005bc0a3b6c18be6bfee8fc94d0adf52
c57474d7e47afbb74e85908222a1483feedee8cbba1ed7c94450db8fcac1ee36
c6fd60d4ecfcac36ecdcb7456ecf170d8eef75c883a1e34a4dd7855d23966cd2
c8401d267b771261f21a9d00951d93ccee54bbc2d910433f86b7c5b975060b4c
c928e1245a631b7a54428fe8bc128e68a0df9328a08b4caf902b01ade3922ec6
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
ceb00641554b7ec9f04b4395fc481f4a7774ba672767cf5fb2dbe41ec3e5ea7b
d0462da8dc2fb032a72b3cb442016cc2b3e154bf9f34ae1a759f741c2749163e
d499f67a7b601efb85a41524f9e839e98a2cd6baf20aa50e91bc917eb3838842
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
d6d46477991976d7a536bf82b4d2da4c385072f52a028ea9b1b8cad35a5a6d03
d7fed405340f6bd8f2c66c99a9c60051a98e5938a56f17f9c0bc0c9b9795ba4c
d96fd18ffd4954fee8c14ee325cea257df4176460c2c748ba6b7bf52b6ebda9d
d9b25de87a3cfb2cc691f9067e6b32fb23ca8932260980a84244851611b2649f
ddb9e9f6b3c2f69591892defe32558fc3b8e8402f9ad1f6a9afeb1336ef28936
dee998c3af8b2929c31cc49a05832494853e55750e2286393df641d858231e49
e118fd3e82ba87e1b71c46a30d69a10f2205bfee2f8f00bfc5611a5e8892f36b
e123447aebcea7405e05a1f37665391a018fbddab2005d1858ba5d29c582e03f
e1b149f9dffc3130750034a65c4a1d2cbefe7ffcef67fcb368f292a065aabeef
e1d4f4f1ed15774feb8972f2e31dfcbba8b3c1a2624214fcae3d2292bbeb82e1
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41e121ea6908b6e97e7bb4b92267f4f0bb16ed294c52d5bab98469ea04f3904
e46bea449dc9774ac70d9b1c80ec2cfdd5bd362032cef8c73768004efcb20dd8
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e7fe7990f8d41650ab806c09401dd6adc64c207b7047ee050dffff9f507f2f24
e91f516db4d4d3a241756ecbec7b489ef234675070808ccbd953f72562293b3d
eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1aead89e42c8e5e00dbba89a9b5c580ca9a09c275920b124b7ed69c5d8b9687
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
f8f188be3fa88f30858ed09ca59fb7c1d5f0293aad425355438711181da9c912
fecfc786d0afba02f859d468c27a08c700e0cd67a901e23cb5f85bd01fad40bd

www.theatreinchicago.com Open in urlscan Pro 74.208.236.154 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

230 Requests

92 %HTTPS

48 %IPv6

34 Domains

50 Subdomains

45 IPs

7 Countries

2869 kBTransfer

6096 kBSize

37 Cookies

7 Outgoing links

Page URL History

Redirected requests

230 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.theatreinchicago.com Open in urlscan Pro
74.208.236.154 Public Scan

Screenshot
Live screenshot

Full Image

230
Requests

92 %
HTTPS

48 %
IPv6

34
Domains

50
Subdomains

45
IPs

7
Countries

2869 kB
Transfer

6096 kB
Size

37
Cookies

230 HTTP transactions
6 data transactions