urlscan.io logo urlscan.io
SecurityTrails logo

wwwproxy.uscho.com Open in urlscan Pro
104.248.50.245  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://wwwproxy.uscho.com/
Effective URL: https://wwwproxy.uscho.com/
Submission: On November 16 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 109 IPs in 10 countries across 75 domains to perform 568 HTTP transactions. The main IP is 104.248.50.245, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is wwwproxy.uscho.com.
TLS certificate: Issued by R3 on October 27th 2023. Valid for: 3 months.
This is the only time wwwproxy.uscho.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 60 104.248.50.245 14061 (DIGITALOC...)
4 2a00:1450:400... 15169 (GOOGLE)
15 2a00:1450:400... 15169 (GOOGLE)
4 2600:9000:25a... 16509 (AMAZON-02)
3 2606:4700::68... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
81 2a00:1450:400... 15169 (GOOGLE)
2 167.172.136.17 14061 (DIGITALOC...)
11 2a00:1450:400... 15169 (GOOGLE)
2 2620:116:800d... 16509 (AMAZON-02)
4 54.87.131.239 14618 (AMAZON-AES)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 54.225.205.186 14618 (AMAZON-AES)
2 2606:4700:440... 13335 (CLOUDFLAR...)
1 7 2606:4700:10:... 13335 (CLOUDFLAR...)
1 3 145.40.97.67 54825 (PACKET)
1 185.64.189.112 62713 (AS-PUBMATIC)
3 216.52.2.30 30282 (AS-INAPCD...)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
3 5 172.64.151.101 13335 (CLOUDFLAR...)
1 2602:803:c003... 26667 (RUBICONPR...)
2 18.200.168.98 16509 (AMAZON-02)
1 69.166.1.32 27630 (AS-XFERNET)
3 8 37.252.171.21 29990 (ASN-APPNEX)
1 2a02:2638:3::7 44788 (ASN-CRITE...)
2 34.149.20.76 15169 (GOOGLE)
6 35.244.159.8 396982 (GOOGLE-CL...)
2 9 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:25a... 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
2 28 2a00:1450:400... 15169 (GOOGLE)
3 130.211.23.194 396982 (GOOGLE-CL...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
9 142.250.186.70 15169 (GOOGLE)
1 2600:9000:209... 16509 (AMAZON-02)
1 2600:9000:225... 16509 (AMAZON-02)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 172.64.152.89 13335 (CLOUDFLAR...)
3 2a02:2638:3::3 44788 (ASN-CRITE...)
1 13.224.103.78 16509 (AMAZON-02)
1 34.96.70.87 396982 (GOOGLE-CL...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2001:4860:480... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 162.19.138.119 16276 (OVH)
25 2001:4860:480... 15169 (GOOGLE)
1 2 34.120.135.53 396982 (GOOGLE-CL...)
2 6 2a02:2638:3::c 44788 (ASN-CRITE...)
3 3.208.172.61 14618 (AMAZON-AES)
3 2600:9000:25a... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 3.71.149.231 16509 (AMAZON-02)
2 54.194.65.19 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:303... 13335 (CLOUDFLAR...)
46 2a00:1450:400... 15169 (GOOGLE)
12 2a00:1450:400... 15169 (GOOGLE)
41 2a00:1450:400... 15169 (GOOGLE)
2 34.254.15.230 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
10 12 142.250.185.162 15169 (GOOGLE)
12 104.18.36.155 13335 (CLOUDFLAR...)
2 2.16.97.41 16625 (AKAMAI-AS)
2 185.86.139.57 201081 (SMARTADSE...)
4 142.250.186.98 15169 (GOOGLE)
3 6 54.155.77.146 16509 (AMAZON-02)
1 13.224.103.40 16509 (AMAZON-02)
8 138.201.64.38 24940 (HETZNER-AS)
8 142.250.185.226 15169 (GOOGLE)
6 2600:9000:219... 16509 (AMAZON-02)
1 4 78.46.90.238 24940 (HETZNER-AS)
15 2600:1f13:800... 16509 (AMAZON-02)
3 138.201.63.117 24940 (HETZNER-AS)
3 4 145.239.193.130 16276 (OVH)
3 88.198.250.30 24940 (HETZNER-AS)
1 2a0b:4d07:101::1 44239 (PROINITY ...)
1 2 23.56.205.163 16625 (AKAMAI-AS)
1 2 2a01:4f8:d0a:... 24940 (HETZNER-AS)
1 49.12.16.151 24940 (HETZNER-AS)
1 85.10.231.200 24940 (HETZNER-AS)
1 52.17.171.231 16509 (AMAZON-02)
1 18.132.222.111 16509 (AMAZON-02)
1 13.224.103.16 16509 (AMAZON-02)
1 18.165.183.76 16509 (AMAZON-02)
1 34.120.133.55 396982 (GOOGLE-CL...)
2 35.71.131.137 16509 (AMAZON-02)
4 95.101.202.12 16625 (AKAMAI-AS)
1 162.210.196.208 30633 (LEASEWEB-...)
1 151.101.65.108 54113 (FASTLY)
1 52.58.37.65 16509 (AMAZON-02)
1 1 35.214.184.129 15169 (GOOGLE)
2 184.30.16.195 16625 (AKAMAI-AS)
2 172.64.149.180 13335 (CLOUDFLAR...)
1 67.202.105.21 32748 (STEADFAST)
1 141.95.98.65 16276 (OVH)
1 2 52.46.155.104 16509 (AMAZON-02)
6 6 44.215.169.187 14618 (AMAZON-AES)
2 2 178.250.1.9 44788 (ASN-CRITE...)
2 2600:1f18:ed:... 14618 (AMAZON-AES)
1 2a05:d018:cc3... 16509 (AMAZON-02)
1 18.197.187.29 16509 (AMAZON-02)
2 2 35.208.249.213 15169 (GOOGLE)
2 2 3.125.12.15 16509 (AMAZON-02)
1 198.47.127.19 62713 (AS-PUBMATIC)
2 69.173.144.139 26667 (RUBICONPR...)
1 2a05:d018:d29... 16509 (AMAZON-02)
1 2607:ae80:192... 26558 (FREEWHEEL)
1 3.225.103.95 14618 (AMAZON-AES)
1 1 50.31.142.223 23352 (SERVERCEN...)
1 1 54.165.115.205 14618 (AMAZON-AES)
1 1 104.122.39.115 16625 (AKAMAI-AS)
2 18.132.19.32 16509 (AMAZON-02)
5 2600:9000:211... 16509 (AMAZON-02)
568 109
60    104.248.50.245 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
wwwproxy.uscho.com
4    2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
15    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
4    2600:9000:25a2:8200:1c:386f:ec80:21 (United States)

ASN16509 (AMAZON-02, US)
d3lcz8vpax4lo2.cloudfront.net
3    2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
4    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cse.google.com
81    2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    167.172.136.17 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: powerplay.uscho.com
json-b.uscho.com
11    2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
4    54.87.131.239 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-87-131-239.compute-1.amazonaws.com
event.insticator.com
1    2606:4700:10::6816:4ad8 (United States)

ASN13335 (CLOUDFLARENET, US)
btloader.com
1    54.225.205.186 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-225-205-186.compute-1.amazonaws.com
geoip.insticator.com
2    2606:4700:4400::6812:2b5a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.confiant-integrations.net
7    2606:4700:10::6816:53d (United States)

ASN13335 (CLOUDFLARENET, US)
ex.ingage.tech
3    145.40.97.67 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
prebid.a-mo.net
1    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
3    216.52.2.30 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ap.lijit.com
1    2a02:fa8:8806:12::1460 (Singapore)

ASN41041 (VCLK-EU-SE, US)
web.hb.ad.cpe.dotomi.com
5    172.64.151.101 (United States)

ASN13335 (CLOUDFLARENET, US)
htlb.casalemedia.com
dsum-sec.casalemedia.com
ssum-sec.casalemedia.com
1    2602:803:c003:200::45 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
2    18.200.168.98 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-168-98.eu-west-1.compute.amazonaws.com
g2.gumgum.com
1    69.166.1.32 (United States)

ASN27630 (AS-XFERNET, US)
apex.go.sonobi.com
8    37.252.171.21 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
secure.adnxs.com
1    2a02:2638:3::7 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
bidder.criteo.com
2    34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com
ssc.33across.com
6    35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com
insticator-d.openx.net
google-bidout-d.openx.net
us-u.openx.net
u.openx.net
9    2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2600:9000:25a2:4a00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
3    2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
28    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
3    130.211.23.194 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 194.23.211.130.bc.googleusercontent.com
api.btloader.com
2    2606:4700:20::681a:346 (United States)

ASN13335 (CLOUDFLARENET, US)
ad-delivery.net
9    142.250.186.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net
ad.doubleclick.net
1    2600:9000:2090:c400:10:dd8:5e40:93a1 (United States)

ASN16509 (AMAZON-02, US)
connectid.analytics.yahoo.com
1    2600:9000:2250:e00:a:e047:753:a221 (United States)

ASN16509 (AMAZON-02, US)
cdn.prod.uidapi.com
1    2606:4700:10::6816:3456 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.id5-sync.com
1    34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com
oa.openxcdn.net
1    172.64.152.89 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn-ima.33across.com
3    2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
1    13.224.103.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-103-78.zrh50.r.cloudfront.net
tags.crwdcntrl.net
1    34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com
invstatic101.creativecdn.com
1    2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
2    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
3    2a00:1450:400c:c0a::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
3    162.19.138.119 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu
id5-sync.com
25    2001:4860:4802:32::3 (United States)

ASN15169 (GOOGLE, US)
csi.gstatic.com
2    34.120.135.53 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com
oajs.openx.net
6    2a02:2638:3::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
mug.criteo.com
3    3.208.172.61 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-172-61.compute-1.amazonaws.com
geoip.instiengage.com
cms.instiengage.com
3    2600:9000:25a2:1800:9:78a:e540:93a1 (United States)

ASN16509 (AMAZON-02, US)
auth.instiengage.com
product.instiengage.com
1    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
clients1.google.com
2    3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
2    54.194.65.19 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-65-19.eu-west-1.compute.amazonaws.com
bcp.crwdcntrl.net
id.crwdcntrl.net
3    2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
2    2606:4700:3037::ac43:8d14 (United States)

ASN13335 (CLOUDFLARENET, US)
www.uscho.com
46    2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
12    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
41    2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
2    34.254.15.230 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-15-230.eu-west-1.compute.amazonaws.com
protected-by.clarium.io
1    2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
12    142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net
cm.g.doubleclick.net
12    104.18.36.155 (None, )

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
ssum-sec.casalemedia.com
2    2.16.97.41 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-97-41.deploy.static.akamaitechnologies.com
sync.teads.tv
2    185.86.139.57 (France)

ASN201081 (SMARTADSERVER, FR)
rtb-csync.smartadserver.com
4    142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net
www.googleadservices.com
6    54.155.77.146 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-77-146.eu-west-1.compute.amazonaws.com
fw.adsafeprotected.com
1    13.224.103.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-103-40.zrh50.r.cloudfront.net
cdn.lamp.avct.cloud
8    138.201.64.38 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.38.64.201.138.clients.your-server.de
hal9000.redintelligence.net
8    142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net
googleads4.g.doubleclick.net
6    2600:9000:2190:e800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.adsafeprotected.com
4    78.46.90.238 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.238.90.46.78.clients.your-server.de
hal900019.redintelligence.net
15    2600:1f13:800:7782:12de:a7c6:4ccd:970d (Boardman, United States)

ASN16509 (AMAZON-02, US)
dt.adsafeprotected.com
3    138.201.63.117 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.117.63.201.138.clients.your-server.de
hal90003.redintelligence.net
4    145.239.193.130 (France)

ASN16276 (OVH, FR)
pv.medialead.de
3    88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de
pb.media01.eu
1    2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)
adv.office-partner.de
2    23.56.205.163 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-205-163.deploy.static.akamaitechnologies.com
www.awin1.com
2    2a01:4f8:d0a:2321::2 (Germany)

ASN24940 (HETZNER-AS, DE)
cdn.retailads.net
1    49.12.16.151 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-1.futalis.de
futalis.de
1    85.10.231.200 (Fellbach, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 85-10-231-200.clients.your-server.de
www.media01.eu
1    52.17.171.231 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-171-231.eu-west-1.compute.amazonaws.com
measure.lamp.avct.cloud
1    18.132.222.111 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-132-222-111.eu-west-2.compute.amazonaws.com
track.webgains.com
1    13.224.103.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-103-16.zrh50.r.cloudfront.net
analytics.webgains.io
1    18.165.183.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-183-76.zrh55.r.cloudfront.net
cdn.track.production.webgains.team
1    34.120.133.55 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 55.133.120.34.bc.googleusercontent.com
api.rlcdn.com
2    35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
4    95.101.202.12 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-202-12.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
1    162.210.196.208 (Lanham, United States)

ASN30633 (LEASEWEB-USA-WDC, US)
sync.aralego.com
1    151.101.65.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs.com
1    52.58.37.65 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-37-65.eu-central-1.compute.amazonaws.com
match.sharethrough.com
1    35.214.184.129 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 129.184.214.35.bc.googleusercontent.com
csync.loopme.me
2    184.30.16.195 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-195.deploy.static.akamaitechnologies.com
ads.pubmatic.com
2    172.64.149.180 (United States)

ASN13335 (CLOUDFLARENET, US)
js-sec.indexww.com
cdn.indexww.com
1    67.202.105.21 (United States)

ASN32748 (STEADFAST, US)
PTR: ip21.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
1    141.95.98.65 (France)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu
lb.eu-1-id5-sync.com
2    52.46.155.104 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
6    44.215.169.187 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-215-169-187.compute-1.amazonaws.com
i.liadm.com
2    178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
2    2600:1f18:ed:550a:f0c6:ec14:4b0d:2411 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
i6.liadm.com
1    2a05:d018:cc3:fe04:ef70:7dcd:5ce0:30c1 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
d.adroll.com
1    18.197.187.29 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-187-29.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    35.208.249.213 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 213.249.208.35.bc.googleusercontent.com
trace.mediago.io
2    3.125.12.15 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-12-15.eu-central-1.compute.amazonaws.com
pm.w55c.net
1    198.47.127.19 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
2    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
1    2a05:d018:d29:3601:bc0f:4713:12cd:b626 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
1    2607:ae80:192:1::173 (United States)

ASN26558 (FREEWHEEL, US)
ads.stickyadstv.com
1    3.225.103.95 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-103-95.compute-1.amazonaws.com
rtb.adentifi.com
1    50.31.142.223 (Hickory Hills, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com
b1sync.zemanta.com
1    54.165.115.205 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-165-115-205.compute-1.amazonaws.com
sync.srv.stackadapt.com
1    104.122.39.115 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-122-39-115.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
2    18.132.19.32 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-132-19-32.eu-west-2.compute.amazonaws.com
api.webgains.io
5    2600:9000:211e:ea00:17:5bae:c7c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.instiengage.com
Apex Domain
Subdomains		 Transfer
130 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 97
5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 149
1 MB
75 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
ad.doubleclick.net — Cisco Umbrella Rank: 154
stats.g.doubleclick.net — Cisco Umbrella Rank: 78
cm.g.doubleclick.net — Cisco Umbrella Rank: 245
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439
858 KB
64 uscho.com
wwwproxy.uscho.com
json-b.uscho.com — Cisco Umbrella Rank: 763683
www.uscho.com — Cisco Umbrella Rank: 436452
5 MB
41 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 300
726 KB
37 gstatic.com
fonts.gstatic.com
csi.gstatic.com
www.gstatic.com
230 KB
27 adsafeprotected.com
fw.adsafeprotected.com — Cisco Umbrella Rank: 898
static.adsafeprotected.com — Cisco Umbrella Rank: 587
dt.adsafeprotected.com — Cisco Umbrella Rank: 570
513 KB
17 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 511
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 486
12 KB
15 redintelligence.net
hal9000.redintelligence.net — Cisco Umbrella Rank: 38186
hal900019.redintelligence.net — Cisco Umbrella Rank: 215250
hal90003.redintelligence.net — Cisco Umbrella Rank: 238211
97 KB
15 google.com
cse.google.com — Cisco Umbrella Rank: 3113
www.google.com — Cisco Umbrella Rank: 2
region1.analytics.google.com — Cisco Umbrella Rank: 3040
clients1.google.com — Cisco Umbrella Rank: 453
177 KB
12 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 212
671 KB
11 instiengage.com
geoip.instiengage.com — Cisco Umbrella Rank: 23858
auth.instiengage.com — Cisco Umbrella Rank: 19742
product.instiengage.com — Cisco Umbrella Rank: 22790
static.instiengage.com — Cisco Umbrella Rank: 28084
cms.instiengage.com — Cisco Umbrella Rank: 35673
156 KB
9 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 757
gum.criteo.com — Cisco Umbrella Rank: 454
mug.criteo.com — Cisco Umbrella Rank: 2926
dis.criteo.com — Cisco Umbrella Rank: 597
15 KB
9 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 246
acdn.adnxs.com — Cisco Umbrella Rank: 609
secure.adnxs.com — Cisco Umbrella Rank: 495
23 KB
8 liadm.com
i.liadm.com — Cisco Umbrella Rank: 539
i6.liadm.com — Cisco Umbrella Rank: 2731
5 KB
8 openx.net
insticator-d.openx.net — Cisco Umbrella Rank: 20623
oajs.openx.net — Cisco Umbrella Rank: 1656
google-bidout-d.openx.net — Cisco Umbrella Rank: 1665
us-u.openx.net — Cisco Umbrella Rank: 522
u.openx.net — Cisco Umbrella Rank: 659
1 KB
8 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 513
eus.rubiconproject.com — Cisco Umbrella Rank: 602
token.rubiconproject.com — Cisco Umbrella Rank: 458
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 969
30 KB
7 ingage.tech
ex.ingage.tech — Cisco Umbrella Rank: 9601
2 KB
5 insticator.com
event.insticator.com — Cisco Umbrella Rank: 20071
geoip.insticator.com — Cisco Umbrella Rank: 27186
436 B
4 media01.eu
pb.media01.eu — Cisco Umbrella Rank: 74479
www.media01.eu — Cisco Umbrella Rank: 866153
2 KB
4 medialead.de
pv.medialead.de — Cisco Umbrella Rank: 44040
3 KB
4 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 145
4 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 863
id5-sync.com — Cisco Umbrella Rank: 440
35 KB
4 yahoo.com
connectid.analytics.yahoo.com — Cisco Umbrella Rank: 4351
ups.analytics.yahoo.com — Cisco Umbrella Rank: 327
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492
10 KB
4 33across.com
ssc.33across.com — Cisco Umbrella Rank: 3592
cdn-ima.33across.com — Cisco Umbrella Rank: 1383
ssc-cms.33across.com — Cisco Umbrella Rank: 923
5 KB
4 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 502
ads.pubmatic.com — Cisco Umbrella Rank: 534
image6.pubmatic.com — Cisco Umbrella Rank: 823
12 KB
4 btloader.com
btloader.com — Cisco Umbrella Rank: 877
api.btloader.com — Cisco Umbrella Rank: 948
24 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
316 KB
4 cloudfront.net
d3lcz8vpax4lo2.cloudfront.net
167 KB
4 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
5 KB
3 webgains.io
analytics.webgains.io — Cisco Umbrella Rank: 30616
api.webgains.io — Cisco Umbrella Rank: 91573
19 KB
3 google.de
www.google.de — Cisco Umbrella Rank: 6862
578 B
3 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 976
bcp.crwdcntrl.net — Cisco Umbrella Rank: 887
id.crwdcntrl.net — Cisco Umbrella Rank: 2498
13 KB
3 criteo.net
static.criteo.net — Cisco Umbrella Rank: 668
74 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
3 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 683
503 B
3 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 751
281 B
3 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 223
166 KB
2 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 912
1 KB
2 mediago.io
trace.mediago.io — Cisco Umbrella Rank: 904
575 B
2 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 310
2 KB
2 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 674
cdn.indexww.com — Cisco Umbrella Rank: 1531
2 KB
2 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 353
573 B
2 retailads.net
cdn.retailads.net — Cisco Umbrella Rank: 150278
6 KB
2 awin1.com
www.awin1.com — Cisco Umbrella Rank: 18131
1 KB
2 avct.cloud
cdn.lamp.avct.cloud — Cisco Umbrella Rank: 7888
measure.lamp.avct.cloud — Cisco Umbrella Rank: 7326
14 KB
2 smartadserver.com
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 733
326 B
2 teads.tv
sync.teads.tv — Cisco Umbrella Rank: 1403
326 B
2 clarium.io
protected-by.clarium.io — Cisco Umbrella Rank: 1459
487 B
2 ad-delivery.net
ad-delivery.net — Cisco Umbrella Rank: 946
1 KB
2 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1591
665 B
2 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1481
109 KB
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1245
pixel.quantserve.com — Cisco Umbrella Rank: 964
9 KB
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 689
1 KB
1 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 580
309 B
1 adentifi.com
rtb.adentifi.com — Cisco Umbrella Rank: 1218
35 B
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 566
652 B
1 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 351
146 B
1 adroll.com
d.adroll.com — Cisco Umbrella Rank: 1356
181 B
1 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 928
278 B
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 940
250 B
1 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 559
1 aralego.com
sync.aralego.com — Cisco Umbrella Rank: 3112
413 B
1 rlcdn.com
api.rlcdn.com — Cisco Umbrella Rank: 957
256 B
1 webgains.team
cdn.track.production.webgains.team — Cisco Umbrella Rank: 107304
3 KB
1 webgains.com
track.webgains.com — Cisco Umbrella Rank: 62639
2 KB
1 futalis.de
futalis.de — Cisco Umbrella Rank: 313699
401 B
1 office-partner.de
adv.office-partner.de — Cisco Umbrella Rank: 217997
923 B
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 335
1 KB
1 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 2139
1 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 1762
8 KB
1 uidapi.com
cdn.prod.uidapi.com — Cisco Umbrella Rank: 2491
3 KB
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1212
642 B
1 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1987
912 B
1 dotomi.com
web.hb.ad.cpe.dotomi.com — Cisco Umbrella Rank: 3773
218 B
0 spotxchange.com Failed
sync.search.spotxchange.com Failed
568 75
Domain Requested by
81 pagead2.googlesyndication.com wwwproxy.uscho.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
googleads.g.doubleclick.net
5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
tpc.googlesyndication.com
ad.doubleclick.net
www.googletagservices.com
60 wwwproxy.uscho.com 1 redirects wwwproxy.uscho.com
46 tpc.googlesyndication.com googleads.g.doubleclick.net
wwwproxy.uscho.com
5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
41 s0.2mdn.net googleads.g.doubleclick.net
5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
wwwproxy.uscho.com
s0.2mdn.net
28 googleads.g.doubleclick.net 2 redirects pagead2.googlesyndication.com
googleads.g.doubleclick.net
5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
wwwproxy.uscho.com
25 csi.gstatic.com pagead2.googlesyndication.com
securepubads.g.doubleclick.net
15 dt.adsafeprotected.com googleads.g.doubleclick.net
15 securepubads.g.doubleclick.net wwwproxy.uscho.com
securepubads.g.doubleclick.net
googleads.g.doubleclick.net
13 dsum-sec.casalemedia.com 3 redirects googleads.g.doubleclick.net
ssum-sec.casalemedia.com
12 cm.g.doubleclick.net 10 redirects googleads.g.doubleclick.net
12 www.googletagservices.com googleads.g.doubleclick.net
5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
wwwproxy.uscho.com
www.googletagservices.com
11 fonts.gstatic.com wwwproxy.uscho.com
fonts.googleapis.com
9 ad.doubleclick.net wwwproxy.uscho.com
googleads.g.doubleclick.net
5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
www.googletagservices.com
9 www.google.com 2 redirects cse.google.com
wwwproxy.uscho.com
tpc.googlesyndication.com
8 googleads4.g.doubleclick.net wwwproxy.uscho.com
8 hal9000.redintelligence.net googleads.g.doubleclick.net
wwwproxy.uscho.com
hal90003.redintelligence.net
hal900019.redintelligence.net
7 ib.adnxs.com 2 redirects d3lcz8vpax4lo2.cloudfront.net
googleads.g.doubleclick.net
acdn.adnxs.com
7 ex.ingage.tech 1 redirects d3lcz8vpax4lo2.cloudfront.net
ssum-sec.casalemedia.com
6 i.liadm.com 6 redirects
6 static.adsafeprotected.com googleads.g.doubleclick.net
6 fw.adsafeprotected.com 3 redirects wwwproxy.uscho.com
5 static.instiengage.com
4 eus.rubiconproject.com d3lcz8vpax4lo2.cloudfront.net
eus.rubiconproject.com
ex.ingage.tech
4 pv.medialead.de 3 redirects hal900019.redintelligence.net
4 hal900019.redintelligence.net 1 redirects googleads.g.doubleclick.net
hal900019.redintelligence.net
4 www.googleadservices.com wwwproxy.uscho.com
4 gum.criteo.com 2 redirects static.criteo.net
4 event.insticator.com d3lcz8vpax4lo2.cloudfront.net
4 www.googletagmanager.com wwwproxy.uscho.com
www.googletagmanager.com
adv.office-partner.de
4 d3lcz8vpax4lo2.cloudfront.net wwwproxy.uscho.com
d3lcz8vpax4lo2.cloudfront.net
4 fonts.googleapis.com wwwproxy.uscho.com
googleads.g.doubleclick.net
hal90003.redintelligence.net
hal900019.redintelligence.net
3 ssum-sec.casalemedia.com d3lcz8vpax4lo2.cloudfront.net
ssum-sec.casalemedia.com
js-sec.indexww.com
3 pb.media01.eu hal900019.redintelligence.net
googleads.g.doubleclick.net
wwwproxy.uscho.com
3 hal90003.redintelligence.net wwwproxy.uscho.com
hal90003.redintelligence.net
3 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com securepubads.g.doubleclick.net
cdn.confiant-integrations.net
3 id5-sync.com cdn.id5-sync.com
d3lcz8vpax4lo2.cloudfront.net
3 www.google.de wwwproxy.uscho.com
3 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
3 static.criteo.net securepubads.g.doubleclick.net
d3lcz8vpax4lo2.cloudfront.net
static.criteo.net
3 api.btloader.com btloader.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
3 ap.lijit.com d3lcz8vpax4lo2.cloudfront.net
3 prebid.a-mo.net 1 redirects d3lcz8vpax4lo2.cloudfront.net
3 cse.google.com wwwproxy.uscho.com
www.google.com
3 cdnjs.cloudflare.com wwwproxy.uscho.com
cdnjs.cloudflare.com
2 api.webgains.io analytics.webgains.io
2 token.rubiconproject.com eus.rubiconproject.com
2 pm.w55c.net 2 redirects
2 trace.mediago.io 2 redirects
2 i6.liadm.com ssum-sec.casalemedia.com
2 dis.criteo.com 2 redirects
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 ads.pubmatic.com d3lcz8vpax4lo2.cloudfront.net
2 u.openx.net d3lcz8vpax4lo2.cloudfront.net
2 match.adsrvr.org d3lcz8vpax4lo2.cloudfront.net
ssum-sec.casalemedia.com
2 cdn.retailads.net 1 redirects futalis.de
2 www.awin1.com 1 redirects hal900019.redintelligence.net
2 rtb-csync.smartadserver.com googleads.g.doubleclick.net
2 sync.teads.tv googleads.g.doubleclick.net
2 us-u.openx.net googleads.g.doubleclick.net
2 protected-by.clarium.io 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
2 www.uscho.com wwwproxy.uscho.com
2 mug.criteo.com wwwproxy.uscho.com
2 ups.analytics.yahoo.com connectid.analytics.yahoo.com
googleads.g.doubleclick.net
2 auth.instiengage.com d3lcz8vpax4lo2.cloudfront.net
auth.instiengage.com
2 geoip.instiengage.com d3lcz8vpax4lo2.cloudfront.net
product.instiengage.com
2 oajs.openx.net 1 redirects wwwproxy.uscho.com
2 region1.analytics.google.com www.googletagmanager.com
2 ad-delivery.net wwwproxy.uscho.com
2 ssc.33across.com d3lcz8vpax4lo2.cloudfront.net
2 g2.gumgum.com d3lcz8vpax4lo2.cloudfront.net
2 cdn.confiant-integrations.net d3lcz8vpax4lo2.cloudfront.net
cdn.confiant-integrations.net
2 json-b.uscho.com wwwproxy.uscho.com
1 cms.instiengage.com product.instiengage.com
1 product.instiengage.com d3lcz8vpax4lo2.cloudfront.net
1 secure-assets.rubiconproject.com 1 redirects
1 cdn.indexww.com ssum-sec.casalemedia.com
1 sync.srv.stackadapt.com 1 redirects
1 b1sync.zemanta.com 1 redirects
1 rtb.adentifi.com ssum-sec.casalemedia.com
1 ads.stickyadstv.com ssum-sec.casalemedia.com
1 secure.adnxs.com 1 redirects
1 pr-bh.ybp.yahoo.com ssum-sec.casalemedia.com
1 image6.pubmatic.com ads.pubmatic.com
1 x.bidswitch.net ssum-sec.casalemedia.com
1 d.adroll.com ssum-sec.casalemedia.com
1 lb.eu-1-id5-sync.com d3lcz8vpax4lo2.cloudfront.net
1 ssc-cms.33across.com d3lcz8vpax4lo2.cloudfront.net
1 js-sec.indexww.com d3lcz8vpax4lo2.cloudfront.net
1 csync.loopme.me 1 redirects
1 match.sharethrough.com d3lcz8vpax4lo2.cloudfront.net
1 acdn.adnxs.com d3lcz8vpax4lo2.cloudfront.net
1 sync.aralego.com d3lcz8vpax4lo2.cloudfront.net
1 api.rlcdn.com d3lcz8vpax4lo2.cloudfront.net
1 id.crwdcntrl.net d3lcz8vpax4lo2.cloudfront.net
1 cdn.track.production.webgains.team googleads.g.doubleclick.net
1 analytics.webgains.io track.webgains.com
1 track.webgains.com googleads.g.doubleclick.net
1 measure.lamp.avct.cloud cdn.lamp.avct.cloud
1 www.media01.eu wwwproxy.uscho.com
1 futalis.de wwwproxy.uscho.com
1 adv.office-partner.de hal900019.redintelligence.net
1 cdn.lamp.avct.cloud wwwproxy.uscho.com
1 www.gstatic.com googleads.g.doubleclick.net
1 google-bidout-d.openx.net oa.openxcdn.net
1 bcp.crwdcntrl.net tags.crwdcntrl.net
1 clients1.google.com wwwproxy.uscho.com
1 pixel.quantserve.com wwwproxy.uscho.com
1 cdn.jsdelivr.net securepubads.g.doubleclick.net
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 tags.crwdcntrl.net securepubads.g.doubleclick.net
1 cdn-ima.33across.com securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 cdn.id5-sync.com securepubads.g.doubleclick.net
1 cdn.prod.uidapi.com securepubads.g.doubleclick.net
1 connectid.analytics.yahoo.com securepubads.g.doubleclick.net
1 rules.quantcount.com secure.quantserve.com
1 insticator-d.openx.net d3lcz8vpax4lo2.cloudfront.net
1 bidder.criteo.com d3lcz8vpax4lo2.cloudfront.net
1 apex.go.sonobi.com d3lcz8vpax4lo2.cloudfront.net
1 fastlane.rubiconproject.com d3lcz8vpax4lo2.cloudfront.net
1 htlb.casalemedia.com d3lcz8vpax4lo2.cloudfront.net
1 web.hb.ad.cpe.dotomi.com d3lcz8vpax4lo2.cloudfront.net
1 hbopenbid.pubmatic.com d3lcz8vpax4lo2.cloudfront.net
1 geoip.insticator.com d3lcz8vpax4lo2.cloudfront.net
1 btloader.com d3lcz8vpax4lo2.cloudfront.net
1 secure.quantserve.com wwwproxy.uscho.com
0 sync.search.spotxchange.com Failed googleads.g.doubleclick.net
568 128

This site contains links to these domains. Also see Links.

Domain
fanforum.uscho.com
www.uscho.com
stats.uscho.com
www.facebook.com
twitter.com
hockeyhumanitarian.org
Subject Issuer Validity Valid
wwwproxy.uscho.com
R3		 2023-10-27 -
2024-01-25		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2023-10-10 -
2024-09-19		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
json-b.uscho.com
R3		 2023-11-05 -
2024-02-03		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
quantserve.com
R3		 2023-10-28 -
2024-01-26		 3 months crt.sh
*.insticator.com
Sectigo RSA Organization Validation Secure Server CA		 2023-08-28 -
2024-08-28		 a year crt.sh
btloader.com
GTS CA 1P5		 2023-10-19 -
2024-01-17		 3 months crt.sh
confiant-integrations.net
GTS CA 1P5		 2023-09-20 -
2023-12-19		 3 months crt.sh
*.ingage.tech
Sectigo RSA Organization Validation Secure Server CA		 2023-07-28 -
2024-08-11		 a year crt.sh
*.a-mo.net
R3		 2023-11-07 -
2024-02-05		 3 months crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2023-04-20 -
2024-05-20		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2023-05-06 -
2024-05-04		 a year crt.sh
ad.cpe.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2023-06-09 -
2024-07-10		 a year crt.sh
casalemedia.com
Cloudflare Inc ECC CA-3		 2023-05-21 -
2024-05-20		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-03-05 -
2024-04-03		 a year crt.sh
ie-ad-exch-prd-one-eks.prd.eks.ie.adexchange.gumgum.com
Amazon RSA 2048 M01		 2023-07-17 -
2024-08-14		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2022-12-06 -
2024-01-07		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2023-02-13 -
2024-03-15		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-26 -
2023-12-23		 3 months crt.sh
ssc.33across.com
GTS CA 1D4		 2023-10-28 -
2024-01-26		 3 months crt.sh
*.openx.net
RapidSSL TLS RSA CA G1		 2023-08-18 -
2024-08-18		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
api.btloader.com
GTS CA 1D4		 2023-10-10 -
2024-01-08		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
connectid.analytics.yahoo.com
GlobalSign ECC OV SSL CA 2018		 2023-08-15 -
2024-02-08		 6 months crt.sh
cdn.prod.uidapi.com
R3		 2023-11-02 -
2024-01-31		 3 months crt.sh
oa.openxcdn.net
GTS CA 1D4		 2023-09-25 -
2023-12-24		 3 months crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2023-09-06 -
2024-09-30		 a year crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-10-09 -
2024-01-06		 3 months crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M01		 2023-10-08 -
2024-11-05		 a year crt.sh
invstatic101.creativecdn.com
GTS CA 1D4		 2023-10-24 -
2024-01-22		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.id5-sync.com
R3		 2023-11-01 -
2024-01-30		 3 months crt.sh
*.instiengage.com
Sectigo RSA Organization Validation Secure Server CA		 2023-05-09 -
2024-05-24		 a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2023-08-03 -
2024-01-24		 6 months crt.sh
www.uscho.com
GTS CA 1P5		 2023-10-20 -
2024-01-18		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
protected-by.clarium.io
Amazon RSA 2048 M02		 2023-11-16 -
2024-12-15		 a year crt.sh
teads.tv
R3		 2023-11-03 -
2024-02-01		 3 months crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-01-21 -
2024-01-23		 a year crt.sh
fw.adsafeprotected.com
Amazon RSA 2048 M02		 2023-03-29 -
2024-04-27		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
cdn.lamp.avocet.io
Amazon RSA 2048 M01		 2023-02-24 -
2024-02-07		 a year crt.sh
redintelligence.net
R3		 2023-10-10 -
2024-01-08		 3 months crt.sh
static.adsafeprotected.com
Amazon RSA 2048 M02		 2023-07-07 -
2024-08-04		 a year crt.sh
dt.adsafeprotected.com
Amazon RSA 2048 M01		 2023-05-09 -
2024-06-06		 a year crt.sh
*.media01.eu
RapidSSL TLS RSA CA G1		 2023-05-16 -
2024-05-15		 a year crt.sh
adv.office-partner.de
R3		 2023-10-28 -
2024-01-26		 3 months crt.sh
pv.medialead.de
R3		 2023-10-12 -
2024-01-10		 3 months crt.sh
www.awin1.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-03-10 -
2024-03-09		 a year crt.sh
*.futalis.de
R3		 2023-10-13 -
2024-01-11		 3 months crt.sh
*.lamp.avct.cloud
R3		 2023-10-02 -
2023-12-31		 3 months crt.sh
cdn.retailads.net
Encryption Everywhere DV TLS CA - G2		 2023-05-18 -
2024-05-17		 a year crt.sh
*.webgains.com
Amazon RSA 2048 M01		 2023-05-15 -
2024-06-13		 a year crt.sh
*.webgains.io
Amazon RSA 2048 M01		 2023-07-24 -
2024-08-22		 a year crt.sh
cdn.track.production.webgains.team
Amazon RSA 2048 M03		 2023-08-30 -
2024-09-27		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2023-02-02 -
2024-03-03		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2023-04-12 -
2024-05-13		 a year crt.sh
*.aralego.com
Sectigo RSA Domain Validation Secure Server CA		 2023-11-09 -
2024-12-09		 a year crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1		 2023-03-27 -
2024-04-26		 a year crt.sh
*.sharethrough.com
Amazon RSA 2048 M01		 2023-06-14 -
2024-07-12		 a year crt.sh
indexww.com
Cloudflare Inc ECC CA-3		 2023-09-05 -
2024-09-03		 a year crt.sh
*.eu-1-id5-sync.com
R3		 2023-11-01 -
2024-01-30		 3 months crt.sh
d.adroll.com
Amazon RSA 2048 M01		 2023-10-09 -
2024-11-07		 a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2023-03-23 -
2024-03-23		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2023-08-29 -
2024-02-21		 6 months crt.sh
*.ads.stickyadstv.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-04-19 -
2024-05-19		 a year crt.sh
adentifi.com
Amazon RSA 2048 M01		 2023-07-06 -
2024-08-03		 a year crt.sh
*.google.de
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh

This page contains 75 frames:

Primary Page: https://wwwproxy.uscho.com/
Frame ID: 5A90A7AD50C6171DC89CC08DD23B91BE
Requests: 175 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: A75A81E3BA106ED0D958BFF213489237
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&adk=1812271804&adf=3025194257&lmt=1700174294&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~5~6&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294520&bpp=5&bdt=1185&idt=223&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2280687409296&rume=1&frm=20&pv=2&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=257
Frame ID: 3034B2027E4EF867DDE5B9A85F804FAD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Frame ID: F37B592AED9354C58027197544D58A35
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Frame ID: 6D4834633613E8B63CEE683B9EA7A4CC
Requests: 16 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=wwwproxy.uscho.com
Frame ID: 19D9A7D237CF7C42EF130E84EC1C79FD
Requests: 2 HTTP requests in this frame

Frame: https://auth.instiengage.com/auth/index.html
Frame ID: 5F9DEDD9E5718C96EAFC981EDAA44137
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Frame ID: FF857D6D83F30C34302B2BF789E01DE5
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Frame ID: C168895C585CF55F8F29B120265056DC
Requests: 27 HTTP requests in this frame

Frame: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 96E40F81875AE9F4533D4B00DADBEA8E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Frame ID: B338F753D72F64A4CE091B2399EFCDBE
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Frame ID: 2CE143D529360F61E6EFC53970315467
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Frame ID: 97C148B061D2A2E1C2082B82C6485A7E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CF35ED370F52AB5A66CA94141450E2B1
Requests: 2 HTTP requests in this frame

Frame: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 770E417DFD5D6641372631C5D753498F
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMe68vACEMyGzM8DGIbthPMBMAE&v=APEucNVnKnttZUEEEqLYxp9ou4snhVdE-zq6YsnxnoDqwpLmyNsI5tNChpXt_OYnjkGU_xfgyspBlPSGGCjh8DQtip0KFrl1fvcjbnVAtprT1QFkWHm01QW3CnG_GUr86IaWUbVi_ITtF6PRvOADCm594FYPu0X8QfMHt06CXvFiVsD1kbLbme8
Frame ID: 51F7CF2F5351DFE12336EE2F9B569DD3
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMihxfQDEJCx_YAEGOmzs_wBMAE&v=APEucNWHjeA6PhERB0GIFRkAnwz9nwK_nozjMzeT48cuOzQ4AFNEUAYgKLhlrGUdtoatK-nNB3CylJZU9j37_SsAwNlEPOCm7U-lhvRq4jJRazje9pQoZlaRV7qLGBNLYQzBYMLoilQhgKA-qTwHgjf2IaNZfw7NUSExquDeZygwfPDsyvGVkO4
Frame ID: D95D3CC466E825AEF6C299333FC93687
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYgvTNxQEwAQ&v=APEucNVlGBA69ceMOERb7TTMnuq9P-vkoJqoR4llemlbO7Z009DYnKJoVY6OhItN-3PkEveYrDCPFOKfvDKIHSmNLLTlJqBR0p5c1-nrnFsueGgAaIU6FQcGWRYJLKUfsL9Iso4xY_i3HTodkNFPeA9a7trc4fCGCu-Bxlo0p9gy7heBikC0VDA
Frame ID: 4782C1560B0EA0BE0090B8B8C5E673E2
Requests: 5 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 33A8CE0D79AD1AA2F9A8F380CAF2CA5B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYgvTNxQEwAQ&v=APEucNXohrKThteY5TLfDxLFhBDuhvz2N_0XMNuInab1xywgXpCcIfOos1hl7y0JBcfcqHwP-N6S6xYctRirMJWuix9SfLvd3JiLAFNMBb1LAJuEGQ8iSr7D840z8z6fr8SSV7qgSBMx6dc3WSAopPpPnOWynNO0IBLywhwxvUOIRtxFQWx_zy4
Frame ID: FD328C6BBCDFDBEC89E96FDCB15F1B91
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjgyrvGATAB&v=APEucNVvTibibGGYRXd3lgTVMyWrpy45Svm7A3Q2Dyt1VtIL5P564hRHmxnEUI4Lk3ihc_dgdChO_1JE_Gjqc6RX_xnsfFLH8ZD5QmFK2PjARPi9FC-bNtQ1aHkq9zcNes7HTjw78gi-Y1h5bLqT33JFZzacrDt190g6FkaBGx-0qSZ_8p6Nd7w
Frame ID: ABD86C995FE349B652A755BC05E50B59
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: D543ED56E10E5C92F33C9B4BE9C7F87A
Requests: 24 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 8AECAB062EB1D2449130019D15F3AFC7
Requests: 3 HTTP requests in this frame

Frame: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D397464772E698C3C0C911B79A68EDFA
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYgvTNxQEwAQ&v=APEucNXg9gB5hQY6DFdjW4qzo_CXVtwBdMc0wd_DQJLlfe_MISP_K_fOeLo_WJidTumiwG6l1_Bm7JqqLynrA09zU88FsLVYYvft-UG3UDe7oDCieKg-PKdI-sliJN8-_jHJ348fs-mzJBj80Pgl-k4OiYpZWOGsV1m_mHLYpKcZ6KLYH9b9zl8
Frame ID: 0B2C7C38FA72FD85AE77AC18CEA99F73
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: CFAA583F1CC72C19D856358B078903A4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWXQG5R6cIMe4WrSUR7EYYGbt-fX18lqmGMPI73tJi13KGkPjVYCyWeYMzFqKrz34G8JvONuxcMY_2SQAe3syn9d_0LbyrOTNUmjXnS0u-qGiDer4rK5bByOmevB8HmvncCp8V0YrxjG0epLwxA6n2yv7GwvfZNf2EtpYBWA_baYWxWv5U
Frame ID: 3CEC24CC6D6D741CE7B2099CDEA46868
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 579A4DDA3A396F9F1B7174ADB1AB7AD3
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js
Frame ID: 5BF5E200141A1DCF094ADC7B45BF40E0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKyC3AIQ4-_U7QEYmpvW-QEwAQ&v=APEucNUmQtFG-uyQx2pymbIAuDnWO9Oo49AFQe4XapgQDAEPOs1w1eAxATyTJGubR3gluGrCs76O8CJe4mr1oMU5mStS8NpZsVWiYsCHbHcuV3wHVvmEVNFhFP27zULd32-aAjjiF2QObi6UHDL4eRL6WzXfGsdbOLLyiN1ksZ3UUymXJ2MsD_Y
Frame ID: 0D447AD63BEFDED3E1832A1F6CDBF6EB
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 6ACAD0C06F74FCD5B6B62018EF88E716
Requests: 26 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 8ED58013370289CF7BAB29FA4F185259
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Frame ID: 9173DD85FBAAC23BE41B44E95DE624C4
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js
Frame ID: 30BB288D4E7E6C0C97974B4877C0A443
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 6139C9BD7D052AB111088B00547E788B
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 46FDC76C442D2CAF25E3BB79E226BE3D
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: B10308D524501828392C1C79852D4503
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 790F5CEA26792201E77F1F5F092EBAB0
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Frame ID: 73DEF3243B461DC540AE5195E364CB95
Requests: 8 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 4D347DB253809642AF8F2C1C40FC1C55
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 741D8854C7B75610CEDA5FA17FEAEED5
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Frame ID: 5EAC8591A58D44E913A92AE7651930BF
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 766E81A4FA2616C0AE12F7856DC3E7DC
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: D51ADD06222D920CBD10039921BCBFDA
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=56038700178904204444994012510019&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: F468EBCC371FF5A8022012221F14DE6E
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: A985FA5ABE25574D97C05D53484EB913
Requests: 3 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3310263989
Frame ID: DDAEDD82447F7BEE1F88778428504FAC
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=655699d997345f2ebe36eb1e&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=
Frame ID: 2379A8DB00B79FA82C82B4BA7F1BBC43
Requests: 1 HTTP requests in this frame

Frame: https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1700174297_d5e60670-84d0-11ee-819e-22341370d01f&dt_mode=iframe&dt_url=
Frame ID: 62F5D64738C8856604B406E513212EA6
Requests: 1 HTTP requests in this frame

Frame: https://hal90003.redintelligence.net/request_content.php?s=54424000164569404444554012510003&a=d0dc5e74
Frame ID: B6D5F014F998B126BC42F25CE7AFDF63
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: CC0BD88E4907BBA8835E006B3167BCCD
Requests: 3 HTTP requests in this frame

Frame: https://hal900019.redintelligence.net/request_content.php?s=56038700178904204444994012510019&a=c2348f97
Frame ID: 9BF23FA4A81132A2612DA200C453F62A
Requests: 8 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
Frame ID: 070FB0FC1642D9EF31DE9A9759E0BC6C
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: E12C053C690B36284590EDE5DC171907
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Frame ID: 34B0BF9AE8C5F3C4CC194F4A5A8240FC
Requests: 4 HTTP requests in this frame

Frame: https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3DUCFUID
Frame ID: 705B49A715501B44A951B51C2765FD4A
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: C2662295D67F1C7FD32ADF3D8D7E7E14
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406715
Frame ID: 6F2C3378F9CDE1EBF0B11C74887BFA86
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 294FA7AE9B37C8386A0895E9FAD31FC5
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
Frame ID: 8B099F9841088AE7073F88A22D06B52A
Requests: 1 HTTP requests in this frame

Frame: https://ex.ingage.tech/v1/sync/loopme/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=88248b4b-b127-4075-8c3b-efbeb859fe1e
Frame ID: 0D5D2C2DCDFA32992B9625E6CDCF2D36
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fsovrn%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D%24UID
Frame ID: 5531A7999C47A84C040D8CCD58F344DC
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=b355ce4f-581b-4a1c-8c84-81fe81e4bc39&r=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fopenx%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Frame ID: 9A68FC339DD4CCD5FE671AF689B96BC0
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3DPM_UID
Frame ID: CE94DF86AD8DA96D6B2E52C64BA25792
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 73AB1F2DE9345B7090FBB5ED57632A3B
Requests: 1 HTTP requests in this frame

Frame: https://ex.ingage.tech/v1/sync/amx/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=&gdpr=0
Frame ID: 0D96BC62EC3D0501C8DF83F1257E7442
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=atx4xsU7Or6R0PaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 11EA6BE0D09A1E0C563B21F13C8CDB6F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Frame ID: B4AE714607E5B9C276C35B653F2BC2A4
Requests: 2 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Frame ID: 5BBC54C1353B80D83491870D90F19AE0
Requests: 10 HTTP requests in this frame

Frame: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Frame ID: 58E03F657C9047210488DF6984B05632
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: AC3148BD5F94994AD60F769787081D7C
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FF1581056C1974A3E8CCBA20B2282CAB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BB56E31F59FA4DA7ECEBAB195A7FC06C
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=wwwproxy.uscho.com
Frame ID: 8A4D31D97E23FC329757830A8385D6DA
Requests: 2 HTTP requests in this frame

Frame: https://product.instiengage.com/ceu-code/fafdbd90-5bf0-4794-b385-facb449599dc.js
Frame ID: D6DEB7B72D83069D0FEA5E7CD509ACAA
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Men’s DI College Hockey - College Hockey | USCHO.comsearch

Page URL History Show full URLs

  1. http://wwwproxy.uscho.com/ HTTP 301
    https://wwwproxy.uscho.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • bootstrap-table(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • analytics\.webgains\.io
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

568
Requests

94 %
HTTPS

41 %
IPv6

75
Domains

128
Subdomains

109
IPs

10
Countries

10824 kB
Transfer

21986 kB
Size

73
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://wwwproxy.uscho.com/ HTTP 301
    https://wwwproxy.uscho.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 99
  • https://www.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto HTTP 301
  • https://cse.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto
Request Chain 139
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp HTTP 302
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp&cc=1
Request Chain 157
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=uscho.com&sn=ChromeSyncframe&so=0&topUrl=wwwproxy.uscho.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=zFib6XxhZE9LTWJGWVVpenJqZlBySDFhWGo4Rnd5VFcwTE8yTHVWVDk0UFBvRlp0RXEvb2pFcFZtb2taRzFvK3Vwd1JXRG5NbFJVaFd3bGFVd1cvdzkvNlFDSFV6MENIMTRlQXE1ckpmTkV5SnloK2pFN3g5Rnl3YXJXZjlvTXo4NGpnK0FhRjMrcHg0azgwVjZnS1lpSDRKTHkxcnQ4RFVZYVhSMmlrbjBncTF6T3kvNVZ5UmRhVUlhNTgvemRIUU1hOGF4TjFiUEhKRVV2QnRhOGVUS041WmVJTFA5akZaZEdNQVpMUEZ5cGRlRTRQam56bGg2cktHVWNhZU1oc2xwTWVqbmppMmtFZDl1THRPV1BnSC9aQ0QrZz09fA&cppv=2
Request Chain 175
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 220
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
Request Chain 221
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVaZ1wuGuA8t6El6il2hVgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
Request Chain 222
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHu3JYS_kFG8CMxr91OAB64&google_cver=1
Request Chain 223
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQxNDcxMTE0NTE4NzUxODIxOQ%3D%3D
Request Chain 226
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
Request Chain 227
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVaZ1wuGuA8t6El6il2hVgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
Request Chain 228
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHu3JYS_kFG8CMxr91OAB64&google_cver=1
Request Chain 229
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQxNDcxMTE0NTE4NzUxODIxOQ%3D%3D
Request Chain 248
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFh6D8jMkQ5QqOfL4a51yHw&google_cver=1
Request Chain 250
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESEBn-SPgYDCZ9fVpm5D-teAo&google_cver=1
Request Chain 252
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEHFiNkHd4i6JIbZSLONTB3g&google_cver=1
Request Chain 263
  • https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEF7lROP8ULGp8ejQlNg6Gls&google_cver=1
Request Chain 270
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CiuU21plWZd7VN87G6gTUopvoC-jysph05Oj558EQm4f0_QgQASDhj_UBYJXSoYKwB6ABhtfXvQPIAQKpAp-bbFKUM7I-qAMByAPJBKoEggJP0C77Ufi79bhUaThvXlC-aZrnRGxmIQPbQDhw7E50FJmNAQfL49DjurKscYlKvj0EPVM7KIbNjqYwQSn3rp2OKGHMO2EAWXH5pYnung4wHqU6yxR4o9JsQ-SmcQDJjQFGVOeTvBCigH3PCBklprGP2cmCmm6WkYfNGBiJS9jY-JWvlyaEt97YUuInEnA4fkJzdjBG8EgCFobhlLsqI_N2pu1RztoRw5P4dXjRStFaefBiNyOnLuywfjifmb-auohGSJm-KoNFIwnbCRPh_BExGFvVl3mIYeB0OrsAuAbI0UISAIMa9ZH5RBp6iMb2M8mJAxtDw4fSsSpfuIPjFWjFSJvABKif8-SRBIgFr6TdzUSSBQQIBBgBkgUECAUYBKAGAoAH4qioQqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEMvJB9IIFgiA4YAQEAEYHzICqgI6AoBASL39wTqaCTtodHRwczovL3d3dy5saWxpZW50aGFsLmJlcmxpbi9jMDEtMTE2LWIwMDRjP3ZvdWNoZXI9c3BlY2lhbIAKAcgLAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAtgTDdAVAYAXAbIXHAoaCAASFHB1Yi00MTkxNjQ3MjQxNDg2ODgwGAA&sigh=9T2hn1oXEqs&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTgDICaaNMQSgDgx3tJgGvbGb2aZKoI_uQxnkhNz2g9oN5-g8HDKCoACPjxOvxN21lSouIHPZT40eBP96yV8mbGbSfAMcbbkse8xI_0xxchgB&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211228507711250533076%22,%22debug_reporting%22:true,%22destination%22:%22https://lilienthal.berlin%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22934669190%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212273280932718791345%22}&andc=true
Request Chain 325
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CppFG1plWZfXKM4ub9u8PlrKe4A-dkcWwc6bj1eiwEdrZHhABIOGP9QFgldKhgrAHoAG52Iy7AcgBCagDAcgDywSqBIcCT9CctsmmD4HrvAL38bFAgSGpoS85HbjEsiq3fob9iQ_5ymFVy92p6abSEwmteYxC4R3SpeHjUe6wMA8RYpXop6C7HbwH23Cx2vgdQmO7EtQAXBJA5tUZ79y15TciLtIuTq3Pbv5BBHU0LgoOChHzAQtdjNvpo87iWgt1eX4u1pQbFMyDd-C4MNXtOlJ6VrWYWonxp3RD5lVvOOhqAk4AuOsA47XE0oAN6cCx4uLzliEFEA_neRVv_9bhwMgn_wFyYCHOWuVelEtbDCox7sLM5XIFL_r6CLK-f3rJgHcRaEenXLtdQDuNS4Yh4r2kMixiuVbfWQPb8uXftZJf6xVDV1z-4Mtj83LABOPY_dG8BIgFpc-D10uSBQQIBBgBkgUECAUYBKAGLoAHr6fzxAKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBD7rAnSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mgkjaHR0cHM6Ly93YWxkb3JmYXN0b3JpYW1hbGRpdmVzLmNvbS-ACgHICwGiDBAqDgoM5LSxAu61sQK1uLEC2BMN0BUBgBcBshccChoIABIUcHViLTQxOTE2NDcyNDE0ODY4ODAYAA&sigh=WaRKNaNfXvs&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTgDICaaNZPTjjILItiRqJB2zeKjfKwbRFudP220Z7Sbs2YkoCkmDX2DKW11C2ZHw62lyFPGH_x5RGs0MRPlWO5aDh__dSATT7RykUcmN0xgB&template_id=5000&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223885439463398319637%22,%22debug_reporting%22:true,%22destination%22:%22https://waldorfastoriamaldives.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22392375353%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225394813696724326401%22}&andc=true
Request Chain 339
  • https://fw.adsafeprotected.com/rfw/st/990511/61634099/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-4191647241486880&ias_chanId=1&ias_placementId=20343400544&bidurl=https://wwwproxy.uscho.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hQY9tk2w-mgjMdohIuaw3B&adContainerId=brand_safety_15lWZZuAMpm99u8P1oqZ0A0&cbFunctionName=goog_wrapCb_15lWZZuAMpm99u8P1oqZ0A0&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwwwproxy.uscho.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4191647241486880%26output%3Dhtml%26h%3D600%26slotname%3D6979783657%26adk%3D2620223934%26adf%3D1992271493%26pi%3Dt.ma~as.6979783657%26w%3D300%26lmt%3D1700174295%26format%3D300x600%26url%3Dhttps%253A%252F%252Fwwwproxy.uscho.com%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700174294528%26bpp%3D1%26bdt%3D1193%26idt%3D524%26shv%3Dr20231109%26mjsv%3Dm202311090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C1200x280%252C300x250%252C300x250%252C300x600%26nras%3D1%26correlator%3D2280687409296%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D2044206632.1700174295%26ga_sid%3D1700174295%26ga_hid%3D1637000408%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D110%26ady%3D3125%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079606%252C31078301%252C44807764%252C44808149%252C44808285%252C44809057%252C44809072%252C31061691%252C31061693%26oid%3D2%26pvsid%3D3975831450135493%26tmod%3D577653650%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D6%26uci%3Da!6%26btvi%3D3%26fsb%3D1%26dtd%3D527&adsafe_type=d&adsafe_jsinfo=,id:8fda29e4-8b7b-9a3b-8529-f9099e249d77,c:ub0IId,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7bc8d8d488-7kbh2,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:5,mot:0,app:0,maw:0,fm:tVOC5as+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a1%7C1b%7C1c*.990511-61634099%7C1c1%7C1c2%7C1c3%7C1d1%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1c*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:42,oid:d5555f30-84d0-11ee-b1ed-4e0df051348c,v:19.8.460,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_15lWZZuAMpm99u8P1oqZ0A0&cbFunctionName=goog_wrapCb_15lWZZuAMpm99u8P1oqZ0A0&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js
Request Chain 341
  • https://fw.adsafeprotected.com/rfw/st/990511/61634099/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-4191647241486880&ias_chanId=1&ias_placementId=20343400544&bidurl=https://wwwproxy.uscho.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hpxB842lMVuCsp7PmpMedE&adContainerId=brand_safety_15lWZbOUMoe69u8PiMOm2AU&cbFunctionName=goog_wrapCb_15lWZbOUMoe69u8PiMOm2AU&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwwwproxy.uscho.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4191647241486880%26output%3Dhtml%26h%3D600%26slotname%3D6979783657%26adk%3D2668493502%26adf%3D924602298%26pi%3Dt.ma~as.6979783657%26w%3D300%26lmt%3D1700174295%26format%3D300x600%26url%3Dhttps%253A%252F%252Fwwwproxy.uscho.com%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700174294529%26bpp%3D1%26bdt%3D1194%26idt%3D552%26shv%3Dr20231109%26mjsv%3Dm202311090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C1200x280%252C300x250%252C300x250%252C300x600%252C300x600%26nras%3D1%26correlator%3D2280687409296%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D2044206632.1700174295%26ga_sid%3D1700174295%26ga_hid%3D1637000408%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D110%26ady%3D4334%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079606%252C31078301%252C44807764%252C44808149%252C44808285%252C44809057%252C44809072%252C31061691%252C31061693%26oid%3D2%26pvsid%3D3975831450135493%26tmod%3D577653650%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D7%26uci%3Da!7%26btvi%3D4%26fsb%3D1%26dtd%3D556&adsafe_type=d&adsafe_jsinfo=,id:8e38dd9e-d96f-1a1d-b850-f65ba9af288d,c:ub0IIN,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7bc8d8d488-krh9t,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:2,mot:0,app:0,maw:0,fm:tVOC5br+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a1%7C1b%7C1c1%7C1c2%7C1c3%7C1c4%7C1d*.990511-61634099%7C1d1%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1d*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:16,oid:d5555fe3-84d0-11ee-8db4-de68ff700ae7,v:19.8.460,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_15lWZbOUMoe69u8PiMOm2AU&cbFunctionName=goog_wrapCb_15lWZbOUMoe69u8PiMOm2AU&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js
Request Chain 343
  • https://hal900019.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=8e84cfde40&subid=&uid=cf71f4426aaba54c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvXvm15lWZfPGCNHU6gSF2LmICKblvaBpvZOcp8kP8C4QASDhj_UBYJXSoYKwB8gBCakCSyvHseQ4sj6oAwHIA5sEqgSjAk_QEVPID77Q78eR_spigPTyyhXjIXNli2uUvxvXs9AbVql8f2kmLDNufr1bXfmtv-mLc733UDplZT0aZREdEbnHlbU2p3X0Yt9DsN8lgRldKr1qyH-tRJ7irgfYsG7N-ziod7j1i_Bnulke7Il6jaPx7l8lSK5ibXnkJGyWZK7TiLiKbjhj2mAuFiLhZ2zXG0V0PQzHlx4ksfmPjEws2_NcfKOEQsmgIyhRvhGM8STH1ias60B-bW0D6k-mSj_U1SnOowLCx4cNcysUfHRaigElSuWXffBVRKGTDQOIo4rFmWwNUueczGmrKeHeTvMk0Rxxfvb8x42Lq0ROVXe1dgjRQ0AP4icc6BksROS4zKWiLMxg9DUSj9Z0qjgO_Q-xkeezl8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaN2L9FsvdcBiEFjVnfExtDVPdZbzFlTL6bchHkv6J9tiXv7aAwm0r6I9dEkBEh9hiE9iwSP8T9peWC4CNIMLEX9zrGuqsEt5ndZWAYAQ%26sig%3DAOD64_1CFF4rQMeD-rfA1trzQt1cZZHvZg%26client%3Dca-pub-4191647241486880%26dbm_c%3DAKAmf-AHcI0_4a0Ky2mraMvi71o7l6-xcdp51bO3GIQAYTtV-o5JT4rvZFQv0qGZ6MhbSiFvKlfVZJI5f-ZPuOlrw_jsAK2LL6-6s4t01zPR5BSjaWmducWLIrjCoZA3IThS_3mPVWQH_5B0RcY1JMD7jsNA3tCZxQ3lgtDc4K4ooyyfOLKCH88%26cry%3D1%26dbm_d%3DAKAmf-Dpq060XmH6F_hrPDDV5MOBFjwwa6-68vzUIUdRs-B0ODtO6L1yhphrgmIyrs-7oHXTs7xu0uO8C4ocb7CiYkNYX4kqE1x8U8QtDyfBltfe2zG_1cdogoFLEb8ic7fVQnUAAs5KKba9rb8_05TrhBi8B7_dghXX6KBq5FsRbTcoCQbTmPjBZ_0TwOFnjY9CKvgtCEIXnzfCXNJzTErp-eeMyxfvwLde5ZjVY5LUd5pFywJ7nGds1TTUdaknL3nw3wqTqHlxAySZFekkbevSgkiFn-2Eo_dhH5cy-OkCaw103wa7puxKcmF1HWD0BltMflp-PVEPdNWICUVzNfR2HorE67k-emZMA3a78af2qLuvWeG5f7Hpn7tYha_Wk4N7ldYKH-fYK0tu9S5UzKyxQJXryNcxoP3WUCxZ7MSwQF2dZci3l-NhxyQ8VKGsrh0cCjsli6TQOPNbG3qXuhqhpYhs5LR6XV9OL-Bl8Juf41eFfif_2Rv7wLlz-pZLRYJRLS_z3J-Emfz_kELZE4owpQ-7vXD40SmzHl83P3TjGOWhuxO8QLY%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4191647241486880%26output%3Dhtml%26h%3D280%26slotname%3D6384904019%26adk%3D44889110%26adf%3D2185445919%26pi%3Dt.ma~as.6384904019%26w%3D650%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1700174295%26rafmt%3D1%26format%3D650x280%26url%3Dhttps%253A%252F%252Fwwwproxy.uscho.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700174294529%26bpp%3D2%26bdt%3D1194%26idt%3D569%26shv%3Dr20231109%26mjsv%3Dm202311090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C1200x280%252C300x250%252C300x250%252C300x600%252C300x600%252C300x600%26nras%3D1%26correlator%3D2280687409296%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D2044206632.1700174295%26ga_sid%3D1700174295%26ga_hid%3D1637000408%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D475%26ady%3D3180%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079606%252C31078301%252C44807764%252C44808149%252C44808285%252C44809057%252C44809072%252C31061691%252C31061693%26oid%3D2%26pvsid%3D3975831450135493%26tmod%3D577653650%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D8%26uci%3Da!8%26btvi%3D5%26fsb%3D1%26dtd%3D572&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwwwproxy.uscho.com&random=5190365328743&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
  • https://hal900019.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=8e84cfde40&subid=&uid=cf71f4426aaba54c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvXvm15lWZfPGCNHU6gSF2LmICKblvaBpvZOcp8kP8C4QASDhj_UBYJXSoYKwB8gBCakCSyvHseQ4sj6oAwHIA5sEqgSjAk_QEVPID77Q78eR_spigPTyyhXjIXNli2uUvxvXs9AbVql8f2kmLDNufr1bXfmtv-mLc733UDplZT0aZREdEbnHlbU2p3X0Yt9DsN8lgRldKr1qyH-tRJ7irgfYsG7N-ziod7j1i_Bnulke7Il6jaPx7l8lSK5ibXnkJGyWZK7TiLiKbjhj2mAuFiLhZ2zXG0V0PQzHlx4ksfmPjEws2_NcfKOEQsmgIyhRvhGM8STH1ias60B-bW0D6k-mSj_U1SnOowLCx4cNcysUfHRaigElSuWXffBVRKGTDQOIo4rFmWwNUueczGmrKeHeTvMk0Rxxfvb8x42Lq0ROVXe1dgjRQ0AP4icc6BksROS4zKWiLMxg9DUSj9Z0qjgO_Q-xkeezl8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaN2L9FsvdcBiEFjVnfExtDVPdZbzFlTL6bchHkv6J9tiXv7aAwm0r6I9dEkBEh9hiE9iwSP8T9peWC4CNIMLEX9zrGuqsEt5ndZWAYAQ%26sig%3DAOD64_1CFF4rQMeD-rfA1trzQt1cZZHvZg%26client%3Dca-pub-4191647241486880%26dbm_c%3DAKAmf-AHcI0_4a0Ky2mraMvi71o7l6-xcdp51bO3GIQAYTtV-o5JT4rvZFQv0qGZ6MhbSiFvKlfVZJI5f-ZPuOlrw_jsAK2LL6-6s4t01zPR5BSjaWmducWLIrjCoZA3IThS_3mPVWQH_5B0RcY1JMD7jsNA3tCZxQ3lgtDc4K4ooyyfOLKCH88%26cry%3D1%26dbm_d%3DAKAmf-Dpq060XmH6F_hrPDDV5MOBFjwwa6-68vzUIUdRs-B0ODtO6L1yhphrgmIyrs-7oHXTs7xu0uO8C4ocb7CiYkNYX4kqE1x8U8QtDyfBltfe2zG_1cdogoFLEb8ic7fVQnUAAs5KKba9rb8_05TrhBi8B7_dghXX6KBq5FsRbTcoCQbTmPjBZ_0TwOFnjY9CKvgtCEIXnzfCXNJzTErp-eeMyxfvwLde5ZjVY5LUd5pFywJ7nGds1TTUdaknL3nw3wqTqHlxAySZFekkbevSgkiFn-2Eo_dhH5cy-OkCaw103wa7puxKcmF1HWD0BltMflp-PVEPdNWICUVzNfR2HorE67k-emZMA3a78af2qLuvWeG5f7Hpn7tYha_Wk4N7ldYKH-fYK0tu9S5UzKyxQJXryNcxoP3WUCxZ7MSwQF2dZci3l-NhxyQ8VKGsrh0cCjsli6TQOPNbG3qXuhqhpYhs5LR6XV9OL-Bl8Juf41eFfif_2Rv7wLlz-pZLRYJRLS_z3J-Emfz_kELZE4owpQ-7vXD40SmzHl83P3TjGOWhuxO8QLY%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4191647241486880%26output%3Dhtml%26h%3D280%26slotname%3D6384904019%26adk%3D44889110%26adf%3D2185445919%26pi%3Dt.ma~as.6384904019%26w%3D650%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1700174295%26rafmt%3D1%26format%3D650x280%26url%3Dhttps%253A%252F%252Fwwwproxy.uscho.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700174294529%26bpp%3D2%26bdt%3D1194%26idt%3D569%26shv%3Dr20231109%26mjsv%3Dm202311090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C1200x280%252C300x250%252C300x250%252C300x600%252C300x600%252C300x600%26nras%3D1%26correlator%3D2280687409296%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D2044206632.1700174295%26ga_sid%3D1700174295%26ga_hid%3D1637000408%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D475%26ady%3D3180%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079606%252C31078301%252C44807764%252C44808149%252C44808285%252C44809057%252C44809072%252C31061691%252C31061693%26oid%3D2%26pvsid%3D3975831450135493%26tmod%3D577653650%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D8%26uci%3Da!8%26btvi%3D5%26fsb%3D1%26dtd%3D572&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwwwproxy.uscho.com&random=5190365328743&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Request Chain 359
  • https://fw.adsafeprotected.com/rfw/st/990511/61634099/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-4191647241486880&ias_chanId=1&ias_placementId=20343400544&bidurl=https://wwwproxy.uscho.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0js_moAyMFeuxN9QD8EHlBN&adContainerId=brand_safety_2JlWZeLmBISS9u8Pmv-JiA4&cbFunctionName=goog_wrapCb_2JlWZeLmBISS9u8Pmv-JiA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwwwproxy.uscho.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4191647241486880%26output%3Dhtml%26h%3D600%26slotname%3D6979783657%26adk%3D485734751%26adf%3D3118553579%26pi%3Dt.ma~as.6979783657%26w%3D300%26lmt%3D1700174294%26format%3D300x600%26url%3Dhttps%253A%252F%252Fwwwproxy.uscho.com%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700174294527%26bpp%3D1%26bdt%3D1191%26idt%3D450%26shv%3Dr20231109%26mjsv%3Dm202311090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C1200x280%252C300x250%252C300x250%26nras%3D1%26correlator%3D2280687409296%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D2044206632.1700174295%26ga_sid%3D1700174295%26ga_hid%3D1637000408%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D1205%26ady%3D1867%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079606%252C31078301%252C44807764%252C44808149%252C44808285%252C44809057%252C44809072%252C31061691%252C31061693%26oid%3D2%26pvsid%3D3975831450135493%26tmod%3D577653650%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D5%26uci%3Da!5%26btvi%3D2%26fsb%3D1%26dtd%3D453&adsafe_type=d&adsafe_jsinfo=,id:7a654903-c0c5-b0b2-1465-21a9dfb53cd7,c:ub0IKV,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7bc8d8d488-bmmzt,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tVOC5dr+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a*.990511-61634099%7C1a1%7C1b%7C1c1%7C1c2%7C1c3%7C1c4%7C1d1%7C1d2%7C1d3%7C1d4%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1a*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:svg.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:25,oid:d565da09-84d0-11ee-9988-f6b45087d294,v:19.8.460,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_2JlWZeLmBISS9u8Pmv-JiA4&cbFunctionName=goog_wrapCb_2JlWZeLmBISS9u8Pmv-JiA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js
Request Chain 383
  • https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=56038700178904204444994012510019&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=56038700178904204444994012510019&actionid=879111&produktid=ratenkredit&dt_url=
Request Chain 385
  • https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=56038700178904204444994012510019&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=56038700178904204444994012510019&actionid=879111&produktid=ratenkredit&dt_url=
Request Chain 399
  • https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=54424000164569404444554012510003&ra_cnt_active=1&ra_cnt=1 HTTP 302
  • https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3310263989
Request Chain 400
  • https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=54424000164569404444554012510003&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
  • https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=655699d997345f2ebe36eb1e&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=
Request Chain 401
  • https://www.awin1.com/cshow.php?s=2840007&v=20646&q=409071&r=296283&pref1=54424000164569404444554012510003&pv=1 HTTP 302
  • https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1700174297_d5e60670-84d0-11ee-819e-22341370d01f&dt_mode=iframe&dt_url=
Request Chain 482
  • https://ex.ingage.tech/v1/syncPage/sharethrough?userId=cb047f61-843e-4b73-95f4-cdfc29323fad&to=https%3A%2F%2Fmatch.sharethrough.com%2Funiversal%2Fv1%3Fsupply_id%3Djc3Tkmr6 HTTP 302
  • https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
Request Chain 483
  • https://csync.loopme.me/?pubid=11530&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Floopme%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D%7Bviewer_token%7D HTTP 307
  • https://ex.ingage.tech/v1/sync/loopme/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=88248b4b-b127-4075-8c3b-efbeb859fe1e
Request Chain 488
  • https://prebid.a-mo.net/cchain/0?gdpr=0&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Famx%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D HTTP 302
  • https://ex.ingage.tech/v1/sync/amx/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=&gdpr=0
Request Chain 504
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB&gpp=&gpp_sid= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB&gpp=&gpp_sid=&dcc=t
Request Chain 505
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVaZ1wuGuA8t6El6il2hVgAA%263397&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVaZ1wuGuA8t6El6il2hVgAA%263397&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=301c69a9efb449929e021eaf737190d5 HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg
Request Chain 507
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESELJ0jqya_4NPm2V2c8682WU&google_cver=1
Request Chain 510
  • https://trace.mediago.io/ju/cs/indexexchange HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1b7de7e8132f42412b61xm00lp1rvom8
Request Chain 511
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=GR4C4Mgi1R3L065
Request Chain 522
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVaZ1wuGuA8t6El6il2hVgAA%263397&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVaZ1wuGuA8t6El6il2hVgAA%263397&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=c36aaa89212e48f4a2bcd30a37aec7f8 HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg
Request Chain 524
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8414711145187518219
Request Chain 526
  • https://trace.mediago.io/ju/cs/indexexchange HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1b7de7e8c1bfc6592bbow200lp1rvom9
Request Chain 528
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
Request Chain 529
  • https://sync.srv.stackadapt.com/sync?nid=68 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=qyPVnmOPXyNfoHzh_CaV57Ki0Yw
Request Chain 531
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator HTTP 301
  • https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Request Chain 550
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=uscho.com&sn=ChromeSyncframe&so=3&topUrl=wwwproxy.uscho.com&bundle=83z5wF9hJTJGbzJta3hXODE3WHN3JTJCUmFQTFN4Rmh4NSUyRnFwdWl6Y3IyQSUyRm1qUzBlREpDNiUyQjdvelElMkJUYVRtdHl3ZENmeXhmbVZzZFBwS2JoSGd5aDZPeVZFcCUyQndyRGFvUTJiR2Fhc2hjV0kyeE9hOVFKZ0dpNHJKZkFMM2c3ZUpJZWxQaHB1USUyRk13dnJXekVnaTRLVU9oNFBwcVlnJTNEJTNE&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=VCqI8Xx6OStrNWZ0WGRBSW5yU1ZKWksxbldhU1VHcXVCM2o4M1liblIyclRIbTZobU9zd0RhU3h2dE9hT1lVMVh0MnRNREtPOW9aNXpKSUpid2ExdnJLSlZLOStSZEJjT0NOYmhlV0NBZDJPRXordU9BRndrVlBJYWYxMkx0TXRObWprNHRMTit2cnNvQXZzNjRzNW5GdW4xWjI2ZVdFTWRVQ2ptVit0NmJFOFNqWmZtMTg0Z2JERFV0eER0aWkydmRmSVhDVE9nb2syQ3NmNWh1NW5SVlV3L1FuMHNreWpNaXNYNnJBMlE3VzZYQTJUNWNFV1l0Um5rVzhrQVR5ZDN1MmtXV0hKeTcvSVVIeklPZXNFY0IwYkpaamFyTGZEdnA5V2trZWVYVUUxUS9QZz18&cppv=2

568 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
wwwproxy.uscho.com/
Redirect Chain
  • http://wwwproxy.uscho.com/
  • https://wwwproxy.uscho.com/
330 KB
55 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d4e3449399ddf68ccf34b773362858d95b9ac768b828ff697f6573b5869a9a40
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 16 Nov 2023 22:38:13 GMT
Expires
Thu, 16 Nov 2023 22:38:13 GMT
Referrer-Policy
same-origin
Server
nginx/1.18.0 (Ubuntu)
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY

Redirect headers

Connection
keep-alive
Content-Length
178
Content-Type
text/html
Date
Thu, 16 Nov 2023 22:38:12 GMT
Location
https://wwwproxy.uscho.com/
Server
nginx/1.18.0 (Ubuntu)
css
fonts.googleapis.com/ 		57 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%20Condensed%3A400%2C400italic%2C600%2C600italic%2C700%2C700italic%7COpen%20Sans%20Condensed%3A400%2C400italic%2C600%2C600italic%2C700%2C700italic%7COpen%20Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700%2C700italic%7CPragati%20Narrow%3A400%2C400italic%2C600%2C600italic%2C700%2C700italic%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900%2C600%2C600italic%2C700italic&subset=latin%2Clatin-ext&display=swap
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5760268e960a24f33df8d74d270189856f6e2248eff4030f06fe98ef20d25fe4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 Nov 2023 22:38:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 22:38:13 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Nov 2023 22:38:13 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		100 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2415fa6d35fe527adf53436bb939f47fb01d5b23105394e3f331d0de5702bfff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:13 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31326
x-xss-protection
0
server
cafe
etag
723 / 19677 / m202311090101 / config-hash: 16204867678510254442
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:13 GMT
dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
d3lcz8vpax4lo2.cloudfront.net/ads-code/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:25a2:8200:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0a17ba6a86af3ed68048863bbdff8366a4c00b37e3811d42351255a58eae8ac1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
w0Wv5dEwVaGfFndb9lYKslSvub92l6BC
content-encoding
br
via
1.1 3c2af29a416fc74eb3d104df3f808fdc.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 22:38:14 GMT
x-amz-cf-pop
ZRH55-P1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Mon, 13 Nov 2023 23:16:20 GMT
server
AmazonS3
etag
W/"413386ae1669d4b6886133e96e14c3b7"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-id
wEHkAUnm0VrWkIJYRv5dKLAv3ac-UZgeQWNmiXB1l6Bgq78VLWBGsQ==
wgs2.css
wwwproxy.uscho.com/wp-content/plugins/wp-google-search/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/wp-google-search/wgs2.css?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
fd6261240ed0f12a5cc73e1a74452182697f4b09560cdfbb3b2f17e0659a2f7f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
style.min.css
wwwproxy.uscho.com/wp-includes/css/dist/block-library/ 		107 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
dashicons.min.css
wwwproxy.uscho.com/wp-includes/css/ 		58 KB
36 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-includes/css/dashicons.min.css?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
frontend.css
wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/css/ 		492 B
727 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/css/frontend.css?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
fd38cc4f5a1af807a9d255a14d926721a64f42f65c61942d20fdc5902fdda86f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
humix-icon.css
wwwproxy.uscho.com/wp-content/plugins/humix/humix-block/src/assets/ 		176 B
585 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/humix/humix-block/src/assets/humix-icon.css?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
f4f5bc9d6560f0070591a6c76ad815195a2a2530aea7b99c4debe126a0042de4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
tablepress-combined.min.css
wwwproxy.uscho.com/wp-content/uploads/ 		6 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/tablepress-combined.min.css?ver=5
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
a56ff3331dd91c0016db1310c80cb86269f27aa8590ae4d7c1afe1d610eb7fb9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
googlefonts.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/css/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
37727880f7138cb2008cbebe912218cdf04ebde2d32b2ead6414f4973c168f4e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
style.css
wwwproxy.uscho.com/wp-content/themes/Newspaper/ 		153 KB
33 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/Newspaper/style.css?ver=9.0.68
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
7fcbb849ee8ed3f4a06797012779e04511bd86ce7f68e6e6e55a315bd121e693
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
custom.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/assets/css/ 		185 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/assets/css/custom.css?ver=9.0.68
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3bb5a755d2cead52daddbed76beabfe990961f0ff5397eda5b27989a5d7d4deb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
style.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/ 		14 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/style.css?ver=9.0.68
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
6a7cd882bb8944b4b5e40dafbde5f91d051dc6fdf5d924f2ef1c71affa91f790
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
jquery-ui.min.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/css/vendor/ 		30 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/vendor/jquery-ui.min.css?ver=1.12.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
b0419faf03242236e04c1c062d52b7f011bf5f0222342fc4006f51cec7dd6ba0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
u_table.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/ 		19 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/u_table.css?ver=9.0.68
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
cc89945923d38b792886a72514949dc38cccd49e7f246890a2bd3c2b0e643328
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/ 		58 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css?ver=5.14.0
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:13 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1358096
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
10391
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-e637"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aGS85zRjp%2B7VDNKnmWNcBGqt%2Fr31FzH%2FlzMBd2JFhKs9DJcOHscseObuBbpWy1on8GX1KEZlVFjHBU1YNbZeBKrW%2F59AJSAoGmd84FfiI%2FWOr%2B2eE1iPXmR%2FPnSmBQWRNPenPbkJGoSmMVY%2F7Y67jjiW"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
827339159f611e51-FRA
expires
Tue, 05 Nov 2024 22:38:13 GMT
bootstrap-table.min.css
wwwproxy.uscho.com/wp-content/themes/uscho-np/css/vendor/ 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/vendor/bootstrap-table.min.css?ver=1.17.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d6aa4a81b663c869b6e9c3ade8ee99bd6d18de18843ac75ae4670819b8d56d9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
td_legacy_main.css
wwwproxy.uscho.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/ 		987 KB
136 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=5a862b9d7c39671de80dd6dee389818b
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ba33741f1b945cfb71d6fe3fb60628af0cb4cce7f464f84c43f5d6457b284272
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:35:03 GMT
jquery.min.js
wwwproxy.uscho.com/wp-includes/js/jquery/ 		86 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 08 Nov 2023 03:33:28 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:23 GMT
jquery-migrate.min.js
wwwproxy.uscho.com/wp-includes/js/jquery/ 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Oct 2023 01:46:44 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:23 GMT
ad-blocking-advisor.js
wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/js/ 		700 B
938 B 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/js/ad-blocking-advisor.js?ver=6.4.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
630449d41b41ba38bf6ded286f77e3b04ae2a8dfce0cef7b55a9c00003c2a44b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 18 Sep 2019 15:44:36 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:23 GMT
jquery-ui.min.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/ 		248 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/jquery-ui.min.js?ver=1.12.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 09 Sep 2020 19:01:03 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:23 GMT
uscho.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/uscho.js?ver=1.4.19
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e082e6b7c3dadd692d57462fe0c10ac1007282fbfe4317c06f1136e836694ebc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Sep 2020 21:06:05 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:23 GMT
uscho_scoreboard.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/uscho_scoreboard.js?ver=1.6.27
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3f973d52c2e5dd999a84bc6b9a0e82aed56c24a0b3c34819de4badba69e6ca88
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sat, 28 Jan 2023 22:34:39 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:23 GMT
bootstrap.min.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/ 		57 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/bootstrap.min.js?ver=4.3.1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 09 Sep 2020 19:00:31 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:23 GMT
bootstrap-table.min.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/ 		67 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/bootstrap-table.min.js?ver=1.14.2
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ff17df18c29c83710f08d1add651f127d74dfde3250fc9e83afb69b40047465b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 09 Sep 2020 19:00:16 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:23 GMT
js
www.googletagmanager.com/gtag/ 		186 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-541124-2
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4aba982b324e91067e71f3e244196e486eb54b07bcb552eca140762a722c9929
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68573
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 21:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 16 Nov 2023 22:38:14 GMT
cse.js
cse.google.com/ 		6 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cse.google.com/cse.js?cx=010839661138275584990:ohfkrt3zoto
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
5cd5fc5eaddb10da9e350910d3efa01173e0d5dd2f138834dfb3b835e3de68c4
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-miezAw0vQTJXpxtolOU3AA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-miezAw0vQTJXpxtolOU3AA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding
br
date
Thu, 16 Nov 2023 22:38:14 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2460
x-xss-protection
0
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
server
gws
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private
permissions-policy
unload=()
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
expires
Thu, 16 Nov 2023 22:38:14 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		150 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9e17c64c951a99f128152c679eb2317fe523bc0f27f9c5386f3325e6f2933cd1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52682
x-xss-protection
0
server
cafe
etag
6889521872309116589
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:14 GMT
uscho150-150x22.png
wwwproxy.uscho.com/wp-content/uploads/2019/07/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2019/07/uscho150-150x22.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
581e9b691f11ca7c7b803f9bdd70bb110d982213c025de8cc47d8556388ef6f2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 18 Sep 2019 02:10:13 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1386
Expires
Thu, 31 Dec 2037 23:55:55 GMT
uw.gif
wwwproxy.uscho.com/images/logos/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/images/logos/uw.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e7384ba0bf8a340e4da6b1a041c68612b2d52cb325714a20f64b1cf05239455e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 09 Oct 2023 17:14:47 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3882
Expires
Thu, 31 Dec 2037 23:55:55 GMT
wis.gif
wwwproxy.uscho.com/images/logos/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/images/logos/wis.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e7384ba0bf8a340e4da6b1a041c68612b2d52cb325714a20f64b1cf05239455e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 09 Oct 2023 17:14:47 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3882
Expires
Thu, 31 Dec 2037 23:55:55 GMT
plattst.gif
wwwproxy.uscho.com/images/logos/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/images/logos/plattst.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
15fda53fec50af3afccaabeddfb604989393a704cbe5f0004bf0822f51b5288b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 09 Oct 2023 17:14:47 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2160
Expires
Thu, 31 Dec 2037 23:55:55 GMT
ga.gif
wwwproxy.uscho.com/images/logos/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/images/logos/ga.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
f745c6f5fa5259ec3c8d56fd08f1c892dff209e6cff2345436d33535e1da8954
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 09 Oct 2023 17:14:47 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2009
Expires
Thu, 31 Dec 2037 23:55:55 GMT
unnamed.gif
wwwproxy.uscho.com/wp-content/uploads/2019/10/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2019/10/unnamed.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
8d664e01881d90325f0d0f03bc0a2b3745d130fd309c172119a965d66324976a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Fri, 04 Oct 2019 21:25:24 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7024
Expires
Thu, 31 Dec 2037 23:55:55 GMT
google_cse_v2.js
wwwproxy.uscho.com/wp-content/plugins/wp-google-search/assets/js/ 		468 B
825 B 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/wp-google-search/assets/js/google_cse_v2.js?ver=1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
fae2dc10eaa5b7644e8f58c84f7fa0641b6a12b0bea27684105675f6bc45895e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sat, 24 Sep 2022 00:44:31 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:23 GMT
ads.js
wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/js/ 		151 B
650 B 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/ad-blocking-advisor/js/ads.js?ver=1700170837
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
f9e21fe0f386e1eb0f9113df90ab2ccbbcf9a2ec39e26130d32fd0b3a5a31ba5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 18 Sep 2019 15:44:36 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:38:14 GMT
tagdiv_theme.min.js
wwwproxy.uscho.com/wp-content/plugins/td-composer/legacy/Newspaper/js/ 		223 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=9.8
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4e8a9f91efa071fef1ae36b2178873b6c92e16a7d4a1087468e85609c2e68d85
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 25 Sep 2019 17:36:29 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:24 GMT
new-tab.js
wwwproxy.uscho.com/wp-content/plugins/page-links-to/dist/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.6
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Tue, 01 Mar 2022 18:13:43 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:24 GMT
popper.min.js
wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/ 		21 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/js/vendor/popper.min.js?ver=1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 09 Sep 2020 19:00:51 GMT
Server
nginx/1.18.0 (Ubuntu)
Content-Encoding
gzip
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-Frame-Options
DENY
Connection
keep-alive
Expires
Fri, 15 Nov 2024 22:37:24 GMT
cc7c52ff-f462-471f-b44e-693e487d499a.js
d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/ 		403 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:25a2:8200:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cd9818ab6cef998db6194180ff87119e5f076d616a03e51634aa52fa2f1c4a98

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
psSndnVBR12Ds.rFxIwPJH2dPqdDTVC8
content-encoding
br
via
1.1 3c2af29a416fc74eb3d104df3f808fdc.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 07:59:45 GMT
x-amz-cf-pop
ZRH55-P1
age
52709
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 24 Oct 2023 21:18:07 GMT
server
AmazonS3
etag
W/"8f58a9dd76a56445be9a22137d074e2c"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-id
VaDpfqHj58WWoDKdA8foL7NPgG7a1K49OgMt1GPmbid6YNHXNqkF8A==
cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/ 		160 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:25a2:8200:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d3e01853afa2f8a06e0aaf4352b56064214e570b582e12994774bdefe9c1fbc6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
UVKrFAwtZn5Vl_WrazXSwj7qFZck4zw0
content-encoding
br
via
1.1 3c2af29a416fc74eb3d104df3f808fdc.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 22:38:15 GMT
x-amz-cf-pop
ZRH55-P1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Mon, 13 Nov 2023 23:16:18 GMT
server
AmazonS3
etag
W/"3aabef5e72feee9fd54af2429a61ddbf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-id
Mp_vXKGp0gV9yedrLM6WFbJj9bjxZQFh0eucCXO-iO8v19uSHXiQGQ==
cc7c52ff-f462-471f-b44e-693e487d499a-dmp.js
d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-dmp.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:25a2:8200:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0cae8f6632d5aa082e7b7ef0cc7a82ed2840fa700e6ee3f322006160652a6a21

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
hHmfboLbuM2vGtJBtky49drSfk2VBA3a
content-encoding
br
via
1.1 3c2af29a416fc74eb3d104df3f808fdc.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 22:38:15 GMT
x-amz-cf-pop
ZRH55-P1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Mon, 13 Nov 2023 23:16:19 GMT
server
AmazonS3
etag
W/"ce8c0d0d092d33485bebca5cabb97cd9"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=60
x-amz-cf-id
VhmO12CEMCXBDQKcaRP8155-n85qgqXjlOGFmrA1QZR9qTeX7F7j6Q==
20232024
json-b.uscho.com/json/topperformers/m/I/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://json-b.uscho.com/json/topperformers/m/I/20232024
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.172.136.17 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
powerplay.uscho.com
Software
LiteSpeed /
Resource Hash
8fe2117aa4c725f0e3b1a96f6172f46814b450fd315db1d0d2617339e57f025e

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
server
LiteSpeed
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-litespeed-cache-control
max-age=120,no-cache
cache-control
no-cache, private
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
636
noah_laba_cc-696x392.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/noah_laba_cc-696x392.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
75065914a896ca9bfa4af76d086699d6f5b994d28285d2e9b2b8cc6889a4747a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Nov 2023 22:20:29 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31353
Expires
Thu, 31 Dec 2037 23:55:55 GMT
tyler_rubin2-696x416.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		40 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/tyler_rubin2-696x416.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
1deed95852a49e7f7b4527125ff12e8ce75568fd6e1d91befca131bd595fd5ea
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 15 Nov 2023 17:24:28 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
40562
Expires
Thu, 31 Dec 2037 23:55:55 GMT
nmu_shlaine-696x423.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		43 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/nmu_shlaine-696x423.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
b1f275e8c57349ed7e21f7ab7176799e90229135ed5133614811ef887adda03d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 16 Nov 2023 01:56:53 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
44108
Expires
Thu, 31 Dec 2037 23:55:55 GMT
spotlight-696x696.png
wwwproxy.uscho.com/wp-content/uploads/2019/10/ 		381 KB
382 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2019/10/spotlight-696x696.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
bf7ebd4fad51be7d4fee8cfa34c08ef3f62d3cfa386ecce4e85a0c1ce6cb32c0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sat, 26 Jun 2021 17:21:12 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
390227
Expires
Thu, 31 Dec 2037 23:55:55 GMT
bentley_bench-scaled-e1700012811583-696x394.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		63 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/bentley_bench-scaled-e1700012811583-696x394.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
1d12c1a3dfa6b5a6dcda054067f4f756586710deb639f092babdbfeb2deeb721
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 15 Nov 2023 01:46:54 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
64534
Expires
Thu, 31 Dec 2037 23:55:55 GMT
uw_group_tom_lynn-696x425.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		523 KB
523 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/uw_group_tom_lynn-696x425.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d7e664184b2eeb05112f250badaca2cd8c7b602958c2fe8ec4ca07338d763bbc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 15 Nov 2023 01:32:08 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
535451
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jeffries_merrimack-696x421.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		54 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/jeffries_merrimack-696x421.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
bf9c4c020ac4280f500779c26abe069e693f9047edef968d7cb27b2aacb0bb4e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Nov 2023 22:12:46 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
55493
Expires
Thu, 31 Dec 2037 23:55:55 GMT
beanpot_td-garden-696x393.jpg
wwwproxy.uscho.com/wp-content/uploads/2020/11/ 		70 KB
71 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2020/11/beanpot_td-garden-696x393.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ec13d6ada1280c8f59b420f94a57f26725f26422667197ff7acf159e7f04e832
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 16 Nov 2020 20:38:47 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
71952
Expires
Thu, 31 Dec 2037 23:55:55 GMT
victor_ostman-696x435.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		598 KB
598 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/victor_ostman-696x435.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3b29eac9127bcd1305d4c5528798e05546a55f55a13d21eaabbef0fc98938094
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Nov 2023 00:54:57 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
612257
Expires
Thu, 31 Dec 2037 23:55:55 GMT
weekend-696x696.png
wwwproxy.uscho.com/wp-content/uploads/2019/10/ 		50 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2019/10/weekend-696x696.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c2d040825ca177c72048dfbc2a69b92907313e50a8126e04ab9e820edadad11d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Sep 2020 20:34:25 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
51303
Expires
Thu, 31 Dec 2037 23:55:55 GMT
quinn_finley_uw-696x408.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		405 KB
406 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/quinn_finley_uw-696x408.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
01ceac3cb0b0c8905f0b522e43ad391744e0daa2aa5594158b59b6c468da1472
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 13 Nov 2023 17:37:34 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
415053
Expires
Thu, 31 Dec 2037 23:55:55 GMT
dillan_bentley.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		88 KB
89 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/dillan_bentley.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c744a42ecfaf5faa40dc9af8b27a5638ee4cf42ac9261037eac09d8732284b61
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 13 Nov 2023 16:07:28 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
90295
Expires
Thu, 31 Dec 2037 23:55:55 GMT
scsu_bill_prout-e1699878686528-696x448.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		75 KB
76 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/scsu_bill_prout-e1699878686528-696x448.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
61f8cc4a9f44ce199de46c6bc9a1ba02ffdacd23a7ae71d800e5364d057ab06c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 13 Nov 2023 12:31:27 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
76959
Expires
Thu, 31 Dec 2037 23:55:55 GMT
1_20231115_213825_0000-696x696.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		397 KB
398 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/1_20231115_213825_0000-696x696.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c509aad73831b134cf895163606a337481b3a2bfd483e5331d8e092eb4055c6c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 16 Nov 2023 05:37:56 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
406831
Expires
Thu, 31 Dec 2037 23:55:55 GMT
rmu-schooley.jpg
wwwproxy.uscho.com/wp-content/uploads/2019/01/ 		162 KB
163 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2019/01/rmu-schooley.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
af4cb1079334e25d083285e5220cd7845056a6c8f69f3739dc86519a06ae4da4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 24 Aug 2020 18:27:18 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
166017
Expires
Thu, 31 Dec 2037 23:55:55 GMT
graf_rasmussen-696x391.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/04/ 		42 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/04/graf_rasmussen-696x391.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c37757fcea357c2078afb149e652876779c1f620f4d9fa7afd424f5362643500
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 13 Apr 2023 14:19:37 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43403
Expires
Thu, 31 Dec 2037 23:55:55 GMT
weems_fanti-696x464.jpg
wwwproxy.uscho.com/wp-content/uploads/2022/05/ 		70 KB
71 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2022/05/weems_fanti-696x464.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
9984cb6b0be2a839539669a0a04a44e515408d658b171b39177397cc061ed845
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 12 May 2022 18:56:13 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
72064
Expires
Thu, 31 Dec 2037 23:55:55 GMT
cooper_black-696x392.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		47 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/cooper_black-696x392.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
40f56cf19caa8b74afc841450fa828596a35c4733a6e2a7a6261f3e8f2388332
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 Nov 2023 01:52:23 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
47620
Expires
Thu, 31 Dec 2037 23:55:55 GMT
lssu28-696x406.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		372 KB
373 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/lssu28-696x406.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ef6dcd95c9fbfdb77c4e8532f768c9b5dffba55e028748d3e9176602223ab126
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 Nov 2023 01:39:39 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
381391
Expires
Thu, 31 Dec 2037 23:55:55 GMT
gotkin_bench_mercyhurst-696x419.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		432 KB
432 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/gotkin_bench_mercyhurst-696x419.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
fe2c332a9c0f3365c409187c3ada915ae20d99841cd054f20f59c1649c8ca01d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 08 Nov 2023 01:59:04 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
441952
Expires
Thu, 31 Dec 2037 23:55:55 GMT
osu93-696x443.png
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		364 KB
364 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/osu93-696x443.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
b6fbaa05c45d558628365fb49a71e5521d8883747f8778a370be7540faa19e6c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:15 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Tue, 07 Nov 2023 03:06:59 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
372342
Expires
Thu, 31 Dec 2037 23:55:55 GMT
z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuXMQg.ttf
fonts.gstatic.com/s/opensanscondensed/v14/ 		31 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensanscondensed/v14/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuXMQg.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b8049b940f02850ebdea3e3c0bfeb7a62491111121894e6394cae14bed2a9264
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 12:54:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
553448
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20839
x-xss-protection
0
last-modified
Mon, 22 Jul 2019 19:17:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 09 Nov 2024 12:54:06 GMT
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/ 		78 KB
79 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css?ver=5.14.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c214017962f2b403ee2f8a0dd51333b467aa3f082c5fc93fdb86f0b3d90a19b
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css?ver=5.14.0
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
251401
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
80148
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-13914"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q7ETYnE5SPjGEEsW80hMmYTSL%2FyLZD74ZkkeKIgZ6wdiBwX6%2BImmC%2BUQ0MzjVdE7xED2cA16RHI1xobHMQ9Ukff3jBN2teS8Rs%2Bd9Gv0OK9LyUaGFiR7dbbFcsJbgWrUBdrzfJgOf2mvVxOIhyftMO3B"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8273391b1d293668-FRA
expires
Tue, 05 Nov 2024 22:38:14 GMT
fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/ 		76 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/fa-brands-400.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css?ver=5.14.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
779249965fcc56df5ccc2c89293a582fbea63f785bc4041c878106b01b725dcb
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css?ver=5.14.0
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
526676
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
77400
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-12e58"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mRitNrgAwb3OPkpedzHrRCZs0JNA8VQDHfRMYX%2FwGwhDFaf4o45Xi2R%2BowqOozhQ0lcBaffuXCdY2Qs72luKx%2FXJ9yhRgUgKxthgKc92ZFduzbWp4tNpBBGXhF11qqajPOxvncDYMjCRZMT9UNbmrcFq"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8273391b1d273668-FRA
expires
Tue, 05 Nov 2024 22:38:14 GMT
mem5YaGs126MiZpBA-UN7rgOUuhs.ttf
fonts.gstatic.com/s/opensans/v17/ 		28 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhs.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7f8be99aee46445efcc7c49145388deca59f0dfd183ed4b3892ca111c2b401a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 11 Nov 2023 01:58:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
506378
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19068
x-xss-protection
0
last-modified
Tue, 23 Jul 2019 19:30:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 10 Nov 2024 01:58:36 GMT
mem5YaGs126MiZpBA-UNirkOUuhs.ttf
fonts.gstatic.com/s/opensans/v17/ 		27 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhs.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
23fea0a987694a487d5e053345c610b6c2b0cee5943e6c54dffa8c4d3b8c2a27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 23:44:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
255246
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18834
x-xss-protection
0
last-modified
Tue, 23 Jul 2019 19:31:10 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Nov 2024 23:44:08 GMT
mem8YaGs126MiZpBA-UFVZ0e.ttf
fonts.gstatic.com/s/opensans/v17/ 		26 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0e.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5669ca033ab68625c0cae6bcf1abb2722c02ea43a0d65323b2f7b023c7afa35e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 04:13:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
239094
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18276
x-xss-protection
0
last-modified
Tue, 23 Jul 2019 19:30:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 13 Nov 2024 04:13:20 GMT
quant.js
secure.quantserve.com/ 		21 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
77daa4388c965a3e23b5a6c800727d8025ab108f89cf5679e79136986d5b4561

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
etag
"e23JaXq4HVtlOmThpFhluQ=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Thu, 23 Nov 2023 22:38:14 GMT
umass_mich2-696x391.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/11/ 		51 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/11/umass_mich2-696x391.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
5fa27a71e7530663c8bfb835f67d72d7485a5582a82be83004871a661995e833
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:15 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Tue, 07 Nov 2023 23:22:02 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
52057
Expires
Thu, 31 Dec 2037 23:55:55 GMT
adam_johnson-696x522.jpg
wwwproxy.uscho.com/wp-content/uploads/2023/10/ 		85 KB
86 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/uploads/2023/10/adam_johnson-696x522.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4f4206ab2f0fb5c89167649b6980f3a4b6c90a30c448d42dcb90960e2c44005c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:15 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sun, 29 Oct 2023 15:07:05 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
87125
Expires
Thu, 31 Dec 2037 23:55:55 GMT
event
event.insticator.com/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://event.insticator.com/v1/event?event_name=event_pageview
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.87.131.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-131-239.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://wwwproxy.uscho.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-max-age
3600
content-length
0
date
Thu, 16 Nov 2023 22:38:14 GMT
vary
Origin
event
event.insticator.com/v1/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://event.insticator.com/v1/event?event_name=event_pageview
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-dmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.87.131.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-131-239.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:14 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin
tag
btloader.com/ 		72 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://btloader.com/tag?o=4879373895204864&upapi=true
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10c53fec666f188d628fea7bfdd6b30cb24b9a55ac0c9ef3dcf15f562b2fd9a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
HIT
last-modified
Thu, 16 Nov 2023 22:26:26 GMT
server
cloudflare
age
471
etag
"eac5a31618cfb503c65ce89006841ff9"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
accept-ranges
bytes
cf-ray
8273391baec73a5a-FRA
content-length
24388
/
geoip.insticator.com/json/ 		247 B
436 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://geoip.insticator.com/json/
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.225.205.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-225-205-186.compute-1.amazonaws.com
Software
/
Resource Hash
dcb07f18cc22ff5d5d8e4850ac3d93b32dc933e747fb6c865a87ed757da128f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:14 GMT
access-control-allow-credentials
true
x-database-date
Thu, 16 Nov 2023 22:09:32 GMT
content-length
247
vary
Origin
content-type
application/json
event
event.insticator.com/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://event.insticator.com/v1/event?event_name=event_adunit-load
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.87.131.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-131-239.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://wwwproxy.uscho.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-max-age
3600
content-length
0
date
Thu, 16 Nov 2023 22:38:14 GMT
vary
Origin
config.js
cdn.confiant-integrations.net/Fseez_-nDyWQXIJsbnoKkKTHXC4/gpt_and_prebid/ 		112 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.confiant-integrations.net/Fseez_-nDyWQXIJsbnoKkKTHXC4/gpt_and_prebid/config.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8ae744a57b39fe4ced7328838882eb465d5452d03a7b424dfd9eea9d3849c1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Nov 2023 17:01:36 GMT
server
cloudflare
x-amz-request-id
B7BKX36YMQWA7864
age
181
etag
W/"79e32fb3170c03f8dc4afa6e34d84eeb"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
8273391c1aff9156-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
Y1YC7/z2SQa16mBpK5ov/4DmlgXCCQQ0nhIOcWgiLvvtc9bD9Dw4zGAhbCDfsBLfWwXdpuYNUCHEUUs+iBk0SeJMonLU1usV39um/wzDDoI=
event
event.insticator.com/v1/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://event.insticator.com/v1/event?event_name=event_adunit-load
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a-hb.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.87.131.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-131-239.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:14 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin
openrtb
ex.ingage.tech/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ex.ingage.tech/v1/openrtb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:53d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://wwwproxy.uscho.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-max-age
3600
cf-cache-status
DYNAMIC
cf-ray
8273391c6a2391e9-FRA
content-length
0
date
Thu, 16 Nov 2023 22:38:14 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Headers
c
prebid.a-mo.net/a/ 		0
173 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.67 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

x-nbr
1
date
Thu, 16 Nov 2023 22:38:13 GMT
server
envoy
vary
origin, Accept-Encoding
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
translator
hbopenbid.pubmatic.com/ 		0
116 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:13 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
bid
ap.lijit.com/rtb/ 		94 B
503 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.42.0
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
739ed8eaf1fcba373c8e2f54b4edc987484b3cf2106ac4871050ab12e1d7138e

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 16 Nov 2023 22:38:14 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://wwwproxy.uscho.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 		0
218 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fa8:8806:12::1460 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
server
nginx
accept-ch
Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache
access-control-allow-credentials
true
expires
0
pbjs
htlb.casalemedia.com/openrtb/ 		37 B
550 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=579236
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff02c72033cfa80f94ec235be8379e3c0a6b3f535448a219fd3f7a164e6c593e

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XJG9KQ2PZ4NO5j99CXaLcKQn2AO7r%2BUAP1CrlUrDnNTerb0SBGrlqSonzRveZH7SD%2BDkO5LJ0IucN0RzDe1fiQ1BHtq1%2FQocaMmus%2FFfCT1Y5xMNF0y1nqnVMMIKDsPHw5pJIzua"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
8273391c5c4e195c-FRA
alt-svc
h3=":443"; ma=86400
content-length
37
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		461 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17062&site_id=153530&zone_id=771356%3B771358&size_id=15&alt_size_ids=14%2C16%2C43%2C117&rp_schain=1.0,1!insticator.com,c8afe158-72c1-454b-9574-c150e9630cb3,1,,,&eid_pubcid.org=83b49162-0258-4220-a42d-d81519ad0867%5E1&rf=https%3A%2F%2Fwwwproxy.uscho.com%2F&tg_i.domain=wwwproxy.uscho.com&tg_i.page=https%3A%2F%2Fwwwproxy.uscho.com%2F&tg_i.pbadslot=uscho.com-div-insticator-ad-1%3Buscho.com-div-insticator-ad-2&tk_flint=pbjs_lite_v7.42.0&x_source.tid=891d9449-93f2-4dc5-baa1-3415c9083710%3B080dadea-b97c-46a2-8e7c-a613e0d5a32e&l_pb_bid_id=17de21d4b86e8cc%3B1823ca9b3e946eb&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=uscho.com-div-insticator-ad-1%3Buscho.com-div-insticator-ad-2&slots=2&rand=0.9238140523774085
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::45 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
65f0d85fb357558ec6e4170bcd3eee312c0fcc93aece6866688017d41e37cb23

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
openrtb
ex.ingage.tech/v1/ 		2 KB
875 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ex.ingage.tech/v1/openrtb
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:53d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c50572db509871d30d06ce413fdb34e7321976c553b245e977c31ac34922535d

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-allow-credentials
true
cf-ray
8273391d483f697f-FRA
imp
g2.gumgum.com/hbid/ 		2 B
333 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700174294424&to=-60&aun=div-insticator-ad-1&pubcid=83b49162-0258-4220-a42d-d81519ad0867&gpid=uscho.com-div-insticator-ad-1&maxw=336&maxh=280&si=18035&pi=3&bf=250x250%2C320x50%2C320x100%2C336x280%2C300x250&schain=1.0%2C1!insticator.com%2Cc8afe158-72c1-454b-9574-c150e9630cb3%2C1%2C191c8c0dc2ce797%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwwwproxy.uscho.com%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.42.0%22%7D&ogu=https%3A%2F%2Fwww.uscho.com%2F&ns=9830
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.168.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-168-98.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
content-length
2
expires
0
imp
g2.gumgum.com/hbid/ 		2 B
332 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700174294425&to=-60&aun=div-insticator-ad-2&pubcid=83b49162-0258-4220-a42d-d81519ad0867&gpid=uscho.com-div-insticator-ad-2&maxw=336&maxh=280&si=18036&pi=3&bf=250x250%2C320x50%2C320x100%2C336x280%2C300x250&schain=1.0%2C1!insticator.com%2Cc8afe158-72c1-454b-9574-c150e9630cb3%2C1%2C191c8c0dc2ce797%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwwwproxy.uscho.com%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.42.0%22%7D&ogu=https%3A%2F%2Fwww.uscho.com%2F&ns=9830
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.168.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-168-98.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
content-length
2
expires
0
trinity.json
apex.go.sonobi.com/ 		116 B
912 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2226eba84cfd44fbe%22%3A%2236da7d94d2c3aa4af27d%7C250x250%2C320x50%2C320x100%2C336x280%2C300x250%7Cgpid%3Duscho.com-div-insticator-ad-1%2Cc%3Dd%2C%22%2C%22271b9610bae4af2%22%3A%220d770b9786c0a7f313cd%7C250x250%2C320x50%2C320x100%2C336x280%2C300x250%7Cgpid%3Duscho.com-div-insticator-ad-2%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwwwproxy.uscho.com%2F&s=d6ba7438-f027-4387-9e22-c8d51a7a69b9&pv=4b6fd85b-14e4-4125-b8bc-0a38af1a0813&vp=desktop&lib_name=prebid&lib_v=7.42.0&us=50&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22wwwproxy.uscho.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22uscho.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fwwwproxy.uscho.com%2F%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22insticator.com%22%2C%22sid%22%3A%22c8afe158-72c1-454b-9574-c150e9630cb3%22%2C%22hp%22%3A1%2C%22rid%22%3A%22191c8c0dc2ce797%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2283b49162-0258-4220-a42d-d81519ad0867%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.32 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
9a73d94c271536a26d00014dc06993cc5d6f9f64f1609e53b2d931a03c3beead
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-191
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
141
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		260 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
a51d8c00841ca528cb83b450f1e79f76481917e0c52e4af3cf4e21707a3c82a0
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
an-x-request-uuid
43b99eaf-de4d-4ea5-b9a0-5ace6ef66d67
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
178.162.209.140; 178.162.209.140; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
260
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
cdb
bidder.criteo.com/ 		0
197 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.42.0&cb=84202366975&lsavail=1
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:13 GMT
strict-transport-security
max-age=31536000; preload;
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Kestrel
vary
Origin
hb
ssc.33across.com/api/v1/ 		87 B
354 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=atx4xsU7Or6R0PaKlId8sQ
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
f56c7216a36dd7d5f47a38fe3a80e9e8152d8a8a97e73d876ac116b152e11f78

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		87 B
179 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=atx4xsU7Or6R0PaKlId8sQ
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
f56c7216a36dd7d5f47a38fe3a80e9e8152d8a8a97e73d876ac116b152e11f78

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
arj
insticator-d.openx.net/w/1.0/ 		73 B
381 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://insticator-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwwwproxy.uscho.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=891d9449-93f2-4dc5-baa1-3415c9083710%2C080dadea-b97c-46a2-8e7c-a613e0d5a32e&nocache=1700174294449&sua=%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D&pubcid=83b49162-0258-4220-a42d-d81519ad0867&schain=1.0%2C1!insticator.com%2Cc8afe158-72c1-454b-9574-c150e9630cb3%2C1%2C191c8c0dc2ce797%2C%2C&aus=250x250%2C320x50%2C320x100%2C336x280%2C300x250%7C250x250%2C320x50%2C320x100%2C336x280%2C300x250&divids=div-insticator-ad-1%2Cdiv-insticator-ad-2&aucs=uscho.com-div-insticator-ad-1%2Cuscho.com-div-insticator-ad-2&auid=558599904%2C558599904
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
d620d85b3f182803e1ff644f05aa85514032731b60f75851b03f3500aac2c2e7

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
expires
Mon, 26 Jul 1997 05:00:00 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/ 		429 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 10:54:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
42248
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137535
x-xss-protection
0
server
cafe
etag
18342593356503948095
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Fri, 15 Nov 2024 10:54:06 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		1 KB
514 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=wwwproxy.uscho.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ae9a3e4b6126d41fef61d81df21fe17e5e053bd5bcd52187e43bd67bee0fe214
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
489
x-xss-protection
0
expires
Thu, 16 Nov 2023 22:38:14 GMT
cse.js
cse.google.com/cse/
Redirect Chain
  • https://www.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto
  • https://cse.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto
6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cse.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
871e81a4aeb7aa22946eaa1edba78a5732e0ddb3729c5c463690e342ca7b5ce4
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-9KMKuefbuxgcfCk16_UvBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-9KMKuefbuxgcfCk16_UvBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding
br
date
Thu, 16 Nov 2023 22:38:14 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2461
x-xss-protection
0
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
server
gws
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private
permissions-policy
unload=()
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
expires
Thu, 16 Nov 2023 22:38:14 GMT

Redirect headers

date
Thu, 16 Nov 2023 22:38:14 GMT
x-content-type-options
nosniff
server
sffe
content-type
text/html; charset=UTF-8
location
https://cse.google.com/cse/cse.js?cx=010839661138275584990:ohfkrt3zoto
cache-control
public, max-age=1800
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
267
x-xss-protection
0
expires
Thu, 16 Nov 2023 23:08:14 GMT
rules-p-an_CHGCH-wfKr.js
rules.quantcount.com/ 		160 B
642 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-an_CHGCH-wfKr.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:25a2:4a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e7ffdc17f9a380f6376691bc77f18787b35359f2bd140b637a4e530bf5606f0a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 21:44:26 GMT
via
1.1 b50b0f4274b74414c7dcdb544e6090a2.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH55-P1
age
3229
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
160
last-modified
Thu, 13 Oct 2022 23:03:05 GMT
server
AmazonS3
etag
"22f4da4063f1225e531d8ed42a7b3ec2"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
5oAsZ6c5bY_bRfPS__jwI9EFbW5Qc7zFizSKJv_0U9d0NNIAxAW20g==
cse_element__en.js
www.google.com/cse/static/element/2b35e7a15e0e30e2/ 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/cse/static/element/2b35e7a15e0e30e2/cse_element__en.js?usqp=CAI%3D
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=010839661138275584990:ohfkrt3zoto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dbf7eb98f997a8df116c6515ce77a2e76be2dafbdbc62cd7feade398544ac0a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106943
x-xss-protection
0
last-modified
Tue, 07 Nov 2023 17:44:48 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/javascript
cache-control
private, max-age=31536000
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Thu, 16 Nov 2023 22:38:14 GMT
default+en.css
www.google.com/cse/static/element/2b35e7a15e0e30e2/ 		41 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.google.com/cse/static/element/2b35e7a15e0e30e2/default+en.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=010839661138275584990:ohfkrt3zoto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9068
x-xss-protection
0
last-modified
Tue, 07 Nov 2023 17:44:48 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/css
cache-control
private, max-age=31536000
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Thu, 16 Nov 2023 22:38:14 GMT
default.css
www.google.com/cse/static/style/look/v4/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.google.com/cse/static/style/look/v4/default.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=010839661138275584990:ohfkrt3zoto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:03:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2082
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1345
x-xss-protection
0
last-modified
Wed, 17 Jun 2020 00:00:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Thu, 16 Nov 2023 22:53:32 GMT
js
www.googletagmanager.com/gtag/ 		293 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-K9F26MDDX7&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-541124-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
77bc02a349f7d5d971084f507c88ad14423b43b4eac522e2eca4ab2734be43e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
97221
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 16 Nov 2023 22:38:14 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-541124-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 16 Nov 2023 21:16:44 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
4890
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 16 Nov 2023 23:16:44 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ 		400 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2a900384426ebfde7fc7458431efef8dde0a35fa1177509b0808bc6f47254a6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138529
x-xss-protection
0
server
cafe
etag
1674355932876928482
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:14 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame A75A 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
19117
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4118
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 17:19:37 GMT
etag
16674218716276178799
expires
Thu, 30 Nov 2023 17:19:37 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
state
api.btloader.com/mw/ 		0
101 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.btloader.com/mw/state?bt_env=prod
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=4879373895204864&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 16 Nov 2023 22:38:14 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Origin
px.gif
ad-delivery.net/ 		43 B
920 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=2
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
251675
x-guploader-uploadid
ABPtcPotMzAk_PXdP4lDJbxFB-dakU62vraHnUwu3723NNfhtDK99UwPdSTBUiJfoqZlvJGrhdmF9xxDcg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oNQ4yHHPXUJpPz1PmYOJyZmOgVmDjd8BzUtN4jj9q2SzsYscZBf3GKwq2Gadk8ddRTEH%2FghuXY6%2B69b5CWa9iNsOOn5ZYA5SUA47kxPiyYU5g6MD97nGqoPcknjJKX3v8Jxd%2FT3tRjYD9owdHw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
8273391d49b71ca9-FRA
expires
Tue, 14 Nov 2023 00:46:22 GMT
favicon.ico
ad.doubleclick.net/ 		1 KB
571 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 19:27:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
11446
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
104
x-xss-protection
0
last-modified
Tue, 08 May 2012 13:08:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Nov 2023 19:27:28 GMT
px.gif
ad-delivery.net/ 		43 B
346 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.6307510570709174
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
251675
x-guploader-uploadid
ABPtcPotMzAk_PXdP4lDJbxFB-dakU62vraHnUwu3723NNfhtDK99UwPdSTBUiJfoqZlvJGrhdmF9xxDcg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4nsc6%2FdZAAczkoHCqkme6nHb%2BJTjp5OhFwyht5Q0VTyRBbbd7Z%2F1%2BHQ8JskV%2BbX1CpMcm8yjnvJzxh9DXqgHNHJIyEBmPfWqc%2F6h9aRdAfpTFdXHMWetL4HZNse%2Bqf8Ivouq3hMTzSTjItF%2FvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
8273391d49b81ca9-FRA
expires
Tue, 14 Nov 2023 00:46:22 GMT
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202310231203/ 		264 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202310231203/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/Fseez_-nDyWQXIJsbnoKkKTHXC4/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb4f8df5602b561c6a5247851f27cebac4099886c0f337e67e5ea9fa0f9caac8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 23 Oct 2023 16:04:16 GMT
server
cloudflare
x-amz-request-id
799J46HMR8DD5A13
age
1451013
etag
W/"866ce4ef9ef41c261f6060e4f642bb88"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8273391d1c089156-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
L30FBUoK3+qa9TaVHV8UbthO93NUx1Q04YkeosmwBd6K2/gH7I81ik1fmNd4GmCx3Y6boBrXByA=
rum.js
pagead2.googlesyndication.com/pagead/js/ 		64 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/rum.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:05:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
1970
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24357
x-xss-protection
0
server
cafe
etag
17020722232796629264
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 23:05:24 GMT
connectId-gpt.js
connectid.analytics.yahoo.com/ 		9 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connectid.analytics.yahoo.com/connectId-gpt.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2090:c400:10:dd8:5e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c7f6468c8ac1542980b2d5f637fa933d7d00d2c6ff6690e34505d2aed0c0e23a
Security Headers
Name Value
Content-Security-Policy default-src 'self'

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:30:04 GMT
via
1.1 f5a3dd79e879ec195790fd94291f3198.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'
x-amz-cf-pop
AMS58-P1
age
491
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
8730
x-amz-expiration
expiry-date="Tue, 17 Oct 2028 00:00:00 GMT", rule-id="webapp-standard-lifecycle"
last-modified
Tue, 17 Oct 2023 13:17:45 GMT
server
AmazonS3
etag
"c46e30de24d0f12167e302e9e32ff4a5"
content-type
application/javascript
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
6nzdUt8qcDmaSLs1K6rSoe39kBDBABYu_SQi_viXQVBbswiEVFoHFQ==
uid2SecureSignal.js
cdn.prod.uidapi.com/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:e00:a:e047:753:a221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Date
Thu, 16 Nov 2023 06:17:34 GMT
Via
1.1 16aa5c15345b1c0756b83a5ae8ee765e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P2
Age
58841
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
2776
Last-Modified
Thu, 19 Oct 2023 06:40:11 GMT
Server
AmazonS3
ETag
"a3a9a9ee8e72db69d54e805f0586c651"
Content-Type
text/javascript
Accept-Ranges
bytes
X-Amz-Cf-Id
KAGLD8us_8pVLNIL6tL9eMSf6gxm40wPMdOm5_b_x01OC5R_lXROIw==
esp.js
cdn.id5-sync.com/api/1.0/ 		155 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.id5-sync.com/api/1.0/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
902f47bc9eeb026da8cbcef8c7ec51aaa1f73bf7ca587c8694cceb36ff91a92e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 16 Nov 2023 09:30:02 GMT
server
cloudflare
x-amz-request-id
DSZ7VZFPFNAM3DNA
age
194
etag
W/"5cdc7028bae687cbffcc9d7982dd9ad5"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
8273391d6b2e363c-FRA
x-amz-id-2
/Y8oywbmXyZN3uuCY4Iy2pxltRcx0aSbxA6I8Rq6oC7ZAYFA8t1j1cqD/Dl2ScoDaIYdGPVbe0k=
esp.js
oa.openxcdn.net/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 21:28:00 GMT
content-encoding
gzip
age
177014
x-guploader-uploadid
ABPtcPosiWJMTi6DpSufSORNQNukYiP051dDMboge2ChLaAOCj32gcVycc6YGc4ZmCsMil6S048JGg_x_bo6NsyokUiiiqWjYCfy
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7927
last-modified
Thu, 27 May 2021 18:30:51 GMT
server
UploadServer
etag
"df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation
1622140251693895
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type
application/javascript
cache-control
no-transform
x-goog-stored-content-length
7927
accept-ranges
bytes
expires
Wed, 13 Nov 2024 21:28:00 GMT
ob.js
cdn-ima.33across.com/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-ima.33across.com/ob.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.152.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6cfe89b284e6a2100a86b8d6b0e52b76b85cc62622a40d63e929f328d883a6a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 30 Oct 2023 20:31:13 GMT
server
cloudflare
age
496532
etag
W/"65401291-2b7d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
8273391d88164db3-FRA
expires
Sun, 19 Nov 2023 22:38:14 GMT
publishertag.ids.js
static.criteo.net/js/ld/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 27 Oct 2023 06:43:26 GMT
server
nginx
etag
W/"653b5c0e-a9a7"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Nov 2023 22:38:14 GMT
sync.min.js
tags.crwdcntrl.net/lt/c/16589/ 		39 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.103.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-103-78.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:10:13 GMT
content-encoding
gzip
via
1.1 8455bcb2c0203b0c4ee93b610d75e69a.cloudfront.net (CloudFront)
last-modified
Wed, 06 Sep 2023 15:56:57 GMT
server
AmazonS3
x-amz-cf-pop
ZRH50-C1
age
53995
x-amz-server-side-encryption
AES256
etag
W/"e073e71ed7a44e6f9cdd72904fda5940"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=86400
x-amz-cf-id
cCGWAJIK9XZqEAfS5SN3X33XZ2uAru8F8_guYAQNNXAWTA7VKw6pKw==
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
via
1.1 google, 1.1 google
last-modified
Thu, 03 Aug 2023 03:28:51 GMT
server
Google Frontend
etag
fc4e6bfe266081c4873c6f08c8298e5c
content-type
text/javascript; charset=utf-8
x-cloud-trace-context
86f37e13fca8ae17ef665539365d8ef3
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1207
pubcid.min.js
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 		732 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
15487
x-jsd-version
master
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230100-FRA
x-jsd-version-type
branch
server
cloudflare
etag
W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oyAldhTaVt%2BSGmCYTlz08Bgv74LZxAlngFsVwASGBkT3iSOm1tZK14dD7FYc4v%2FTxBHYZHOiIuzUrIcZc3vFAfyK6Roz0sfBGtTzj6tOFwSyVKf%2BpLuH1T4sJFj2FEAVr5nCc0Ov8D9EJ875rEk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
8273391dca1a9219-FRA
collect
www.google-analytics.com/j/ 		2 B
210 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1637000408&t=pageview&_s=1&dl=https%3A%2F%2Fwwwproxy.uscho.com%2F&ul=en-us&de=UTF-8&dt=Men%E2%80%99s%20DI%20College%20Hockey%20-%20College%20Hockey%20%7C%20USCHO.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1694494966&gjid=1095488136&cid=2044206632.1700174295&tid=UA-541124-2&_gid=1959391491.1700174295&_r=1&gtm=457e3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=606201784
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel;r=1751657449;rf=0;a=p-an_CHGCH-wfKr;url=https%3A%2F%2Fwwwproxy.uscho.com%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-920427330-1700174294495;pbc...
pixel.quantserve.com/ 		35 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1751657449;rf=0;a=p-an_CHGCH-wfKr;url=https%3A%2F%2Fwwwproxy.uscho.com%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-920427330-1700174294495;pbc=83b49162-0258-4220-a42d-d81519ad0867;ns=0;ce=1;qjs=1;qv=6076e8c2-20231114150359;cm=;gdpr=0;ref=;d=uscho.com;dst=1;et=1700174294633;tzo=-60;ogl=title.College%20Hockey%20%7C%20USCHO%252Ecom%2Cdescription.Welcome%20to%20USCHO%252Ecom%20-%20see%20blog%20posts%2Cimage.https%3A%2F%2Fwww%252Euscho%252Ecom%2Fwp-content%2Fuploads%2F2017%2F12%2Fuschowithbackground%252Ejpg%2Clocale.en_US%2Ctype.website%2Ctitle.Men%E2%80%99s%20DI%20College%20Hockey%20-%20College%20Hockey%20%7C%20USCHO%252Ecom%2Curl.https%3A%2F%2Fwww%252Euscho%252Ecom%2F%2Csite_name.College%20Hockey%20%7C%20USCHO%252Ecom;ses=ba85fe4a-2a51-4b54-b434-8c9b22edc6fd;mdl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
collect
region1.analytics.google.com/g/ 		0
257 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-K9F26MDDX7&gtm=45je3b81v9105504737&_p=1700174294219&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=2044206632.1700174295&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1700174294&sct=1&seg=0&dl=https%3A%2F%2Fwwwproxy.uscho.com%2F&dt=Men%E2%80%99s%20DI%20College%20Hockey%20-%20College%20Hockey%20%7C%20USCHO.com&en=page_view&_fv=1&_ss=1&tfd=2144
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K9F26MDDX7&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
47 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K9F26MDDX7&cid=2044206632.1700174295&gtm=45je3b81v9105504737&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K9F26MDDX7&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K9F26MDDX7&cid=2044206632.1700174295&gtm=45je3b81v9105504737&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=78421789
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
352 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-541124-2&cid=2044206632.1700174295&jid=1694494966&gjid=1095488136&_gid=1959391491.1700174295&_u=YEBAAUAAAAAAACAAI~&z=2066027708
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 16 Nov 2023 22:38:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ 		56 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/rum_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ebe97061681cef9cab75ce4e70092ceee2628c887415f6921fc8f7a9174e1d6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 19:20:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
11886
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21852
x-xss-protection
0
server
cafe
etag
8639837483975888457
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 19:20:08 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 3034 		47 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&adk=1812271804&adf=3025194257&lmt=1700174294&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~5~6&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294520&bpp=5&bdt=1185&idt=223&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2280687409296&rume=1&frm=20&pv=2&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=257
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
de1311b8cf026f7c26192341de425a3d7a334362d186c3c27c0bd9937f6fb9fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
17754
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Thu, 16 Nov 2023 22:38:15 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
country
api.btloader.com/ 		16 B
132 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.btloader.com/country
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=4879373895204864&upapi=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
ads
googleads.g.doubleclick.net/pagead/ Frame F37B 		134 KB
42 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8983e435cd0dae3571093ffcbeaba1841b534d10a266f8351b6fed6044dcb452
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
43480
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Thu, 16 Nov 2023 22:38:15 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ga-audiences
www.google.com/ads/ 		42 B
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-541124-2&cid=2044206632.1700174295&jid=1694494966&_u=YEBAAUAAAAAAACAAI~&z=1716862648
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-541124-2&cid=2044206632.1700174295&jid=1694494966&_u=YEBAAUAAAAAAACAAI~&z=1716862648
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
increment
id5-sync.com/api/esp/ 		0
234 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/esp/increment?counter=no-config
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533570.ip-162-19-138.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
pv
api.btloader.com/ 		0
12 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.btloader.com/pv?tid=KMR1bG4rGu&w=6283414432382976&o=4879373895204864&cv=2.1.23-7-g7ca04d5&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwwwproxy.uscho.com%2F&sid=4GpwU3vKC&pm=true&upapi=true
Requested by
Host: btloader.com
URL: https://btloader.com/tag?o=4879373895204864&upapi=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 16 Nov 2023 22:38:14 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Origin
ads
googleads.g.doubleclick.net/pagead/ Frame 6D48 		106 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
29f3cd06447439f312a50a668b6436db3104824dec35b2d15ce30ee05056c6e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
39325
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Thu, 16 Nov 2023 22:38:15 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
csi
csi.gstatic.com/ 		0
234 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lp1rvltg&c=3975831450135493&e=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C31061691%2C31061693&ctx=1&met.6=6.1_CgsY-Q0gQSoECAESAAoLGM8OIDQqBAgBEgA
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
esp
oajs.openx.net/
Redirect Chain
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp&cc=1
85 B
202 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://oajs.openx.net/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp&cc=1
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
53.135.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
1e5f4bcf429cf7d0ef5957d1fa0eccdd5813cba6a1bf40f8ee42af5380d2a7ec

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
via
1.1 google
x-powered-by
Express
etag
W/"55-sV4WLm2Fke/wJiWfImmxcmhogUc"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85

Redirect headers

date
Thu, 16 Nov 2023 22:38:15 GMT
via
1.1 google
x-powered-by
Express
vary
Origin
access-control-allow-origin
https://wwwproxy.uscho.com
location
/esp?url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rid=esp&cc=1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
syncframe
gum.criteo.com/ Frame 19D9 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=wwwproxy.uscho.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:14 GMT
server
Kestrel
server-processing-duration-in-ticks
337778
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
/
geoip.instiengage.com/json/ 		247 B
436 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geoip.instiengage.com/json/
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.172.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-172-61.compute-1.amazonaws.com
Software
/
Resource Hash
dcb07f18cc22ff5d5d8e4850ac3d93b32dc933e747fb6c865a87ed757da128f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:15 GMT
access-control-allow-credentials
true
x-database-date
Thu, 16 Nov 2023 22:10:08 GMT
content-length
247
vary
Origin
content-type
application/json
index.html
auth.instiengage.com/auth/ Frame 5F9D 		75 B
506 B 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.instiengage.com/auth/index.html
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:25a2:1800:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
32dcb7b5d0e79583353a56225e4d8097e004103102d584e245d1b96547f9948d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
156
cache-control
max-age=300
content-length
75
content-type
text/html
date
Thu, 16 Nov 2023 22:35:43 GMT
etag
"2e3d17ce9023be2c1313c02113f5c568"
last-modified
Thu, 11 May 2023 11:38:04 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 2177a1d449a3e8dc7269040f15d81cb0.cloudfront.net (CloudFront)
x-amz-cf-id
M_jtpK0ZYPoN3klhoaStT3KN030dXm0UNdaao1CGuczRDPzoN6QCnw==
x-amz-cf-pop
ZRH55-P1
x-amz-server-side-encryption
AES256
x-amz-version-id
sdvig1qk6AHuXLU2Lr6rxmxwpeBBF1C.
x-cache
Hit from cloudfront
async-ads.js
cse.google.com/adsense/search/ 		143 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cse.google.com/adsense/search/async-ads.js
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/2b35e7a15e0e30e2/cse_element__en.js?usqp=CAI%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8fe95955a57b68b2ca6b5fc3f50ebca2eceab8f4dfec8164a04c2c27eb60236b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"17348395402651671750"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
expires
Thu, 16 Nov 2023 22:38:14 GMT
branding.png
www.google.com/cse/static/images/1x/en/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/cse/static/images/1x/en/branding.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:06:21 GMT
x-content-type-options
nosniff
age
30713
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1372
x-xss-protection
0
last-modified
Mon, 25 May 2020 08:30:00 GMT
server
sffe
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Fri, 15 Nov 2024 14:06:21 GMT
generate_204
clients1.google.com/ 		0
117 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://clients1.google.com/generate_204
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
fed
ups.analytics.yahoo.com/ups/58813/ 		2 B
215 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ups.analytics.yahoo.com/ups/58813/fed?gpp_sid=-1&v=1&url=https%3A%2F%2Fwwwproxy.uscho.com%2F
Requested by
Host: connectid.analytics.yahoo.com
URL: https://connectid.analytics.yahoo.com/connectId-gpt.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
vary
Origin
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
access-control-allow-origin
https://wwwproxy.uscho.com
content-type
application/json
access-control-allow-credentials
true
ads
googleads.g.doubleclick.net/pagead/ Frame FF85 		95 KB
44 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
71be5e913f629afefe0b56e22e3484c81386d0f14e9e338ad6b5e779d81f16bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
44614
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Thu, 16 Nov 2023 22:38:15 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
vm8sdRf0T0bS1ffgsPB7WZ-mD2ZD5cd4Epc.ttf
fonts.gstatic.com/s/pragatinarrow/v5/ 		46 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/pragatinarrow/v5/vm8sdRf0T0bS1ffgsPB7WZ-mD2ZD5cd4Epc.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
17810a53b5ffc8157c46a6192533bf2e567a31e23b31c4bac42d214787e488f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 01:16:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
163303
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23898
x-xss-protection
0
last-modified
Tue, 16 Jul 2019 02:42:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Nov 2024 01:16:31 GMT
vm8vdRf0T0bS1ffgsPB7WZ-mD274wNc.ttf
fonts.gstatic.com/s/pragatinarrow/v5/ 		44 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/pragatinarrow/v5/vm8vdRf0T0bS1ffgsPB7WZ-mD274wNc.ttf
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/css/googlefonts.css?ver=9.0.68
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5e10801387114a129e9f06d6eedf6def06e1508ff4f53362043dd47a66bd7968
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://wwwproxy.uscho.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 00:16:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
253277
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23544
x-xss-protection
0
last-modified
Tue, 16 Jul 2019 03:14:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 13 Nov 2024 00:16:57 GMT
0
json-b.uscho.com/json/scoreboard/division-i-men/2023-2024/gameday/2023-11-16/ 		2 KB
957 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://json-b.uscho.com/json/scoreboard/division-i-men/2023-2024/gameday/2023-11-16/0
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.172.136.17 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
powerplay.uscho.com
Software
LiteSpeed /
Resource Hash
e6f44640021413129ba6c881b570b02a209f008c2261a81889158a8bab259ec9

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:14 GMT
content-encoding
gzip
server
LiteSpeed
x-litespeed-cache
hit
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
899
map
bcp.crwdcntrl.net/6/ 		60 B
337 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.65.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-65-19.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
c83f22c2085b971c3d5379e1529193596815c7340ec6bff25cfe1fd38842adb6

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache
x-server
10.45.27.85
access-control-allow-credentials
true
content-length
60
expires
0
ads
googleads.g.doubleclick.net/pagead/ Frame C168 		26 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c9b7e8f1830ab22613067e00ff38203ec5258997ba1215c18a29e5b0365e3543
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
11629
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Thu, 16 Nov 2023 22:38:15 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
csi
csi.gstatic.com/ 		0
45 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=2~lp1rvlug&c=3975831450135493&e=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C31061691%2C31061693&ctx=1&met.9=1.1hr~13.1km~2.1l4&met.3=1001.1jf_1__1~164.1ji~165.1je_4~164.1jk~165.1ji_1~164.1jk~165.1jk_1~164.1jl~165.1jl_1~164.1jm~165.1jl_1~164.1jm~165.1jm_1~164.1jn~165.1jm_1~247.1jo~248.1jo~164.1jo~165.1jn_1~164.1jp~165.1jo_1~166.1j6_t~947.1lf~86.1lf~947.1lg~86.1lg~947.1lg~86.1lg~86.1lg~74.1lg_3~947.1li~43.1li_1~74.1lj~947.1lj~43.1lj~91.1lj~77.1lf_4~724.1lm~724.1lm~724.1lm~724.1lm~894.1lp~947.1ou~86.1ou~76.1ou~947.1ou~573.1ou~598.1ou~598.1ov~947.1ov~947.1ov~947.1ov~76.1ou_1~1032.1pl~326.1pm_1~832.1pp~868.1po~216.1pl_5~215.1pl_5~843.1pk_6~889.1qh~639.1qp~1032.1rk~326.1rk~832.1rk~868.1rk~216.1rk_1~215.1rk_1~889.1rm~639.1rr~112.1s5_2~1032.1su~326.1su~832.1sv~868.1sv~216.1su_3~215.1su_3~889.1sy~639.1t3~246.1t4_2~334.1u4~1032.1uw~326.1uw~832.1uw~868.1uw~216.1uw_1~215.1uw_1~889.1uy~639.1v1~1032.1w2~326.1w3~832.1w3~868.1w3~216.1w2_1~215.1w2_1~889.1w5~639.1w7~947.1wb~947.1wb~947.1wb~573.1wb~54.1wb~598.1wb~649.1wb~54.1wc~598.1wc~54.1wc~598.1wc~54.1wc~598.1wc~649.1wc~947.1wc~573.1wc~54.1wc~598.1wc~54.1wc~598.1wc~598.1wc~649.1wc~54.1wc~598.1wc~54.1wc~598.1wc~598.1wc~649.1wc~76.1wa_2~49.1wc~76.1wc~49.1wc~76.1wc~49.1wc~76.1wc~49.1wc~76.1wc~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1wd~76.1wd~49.1we~76.1we~49.1we~76.1we~49.1we~76.1we~947.1we~573.1we~598.1we~598.1we~95.1we_1~947.1wg~572.1wg~76.1we_2~49.1wg~76.1wg~49.1wg~76.1wg~49.1wg~76.1wg~947.1wg~573.1wg~598.1wg~598.1wg~95.1wg~947.1wh~572.1wh&met.10=1_2.CIDfBRAAGICYdSCvECgA~1_1.CIDfBRAAGICYdSCvECgA&met.7=CBsQCMABsfXzggM~CBIQBxgBIKwGKKwGMO4GOENQsgZY1AZgvgZo1QZw7QZ45hKAAboQiAH_ygOqAbwCCjpSb2JvdG8gQ29uZGVuc2VkOjQwMCw0MDBpdGFsaWMsNjAwLDYwMGl0YWxpYyw3MDAsNzAwaXRhbGljCj1PcGVuIFNhbnMgQ29uZGVuc2VkOjQwMCw0MDBpdGFsaWMsNjAwLDYwMGl0YWxpYyw3MDAsNzAwaXRhbGljCj1PcGVuIFNhbnM6MzAwaXRhbGljLDQwMCw0MDBpdGFsaWMsNjAwLDYwMGl0YWxpYyw3MDAsNzAwaXRhbGljCjhQcmFnYXRpIE5hcnJvdzo0MDAsNDAwaXRhbGljLDYwMCw2MDBpdGFsaWMsNzAwLDcwMGl0YWxpYwpGUm9ib3RvOjMwMCw0MDAsNDAwaXRhbGljLDUwMCw1MDBpdGFsaWMsNzAwLDkwMCw2MDAsNjAwaXRhbGljLDcwMGl0YWxpY7ABAbgBA8AB1se7yAo~CDsQBxgBIKwGKKwGMIsHOF9QsgZY1AZgvgZo1QZw_gZ4ivcBgAHe9AGIAZaiBrABAbgBA8AB4s3qlgk~CBsQByCsBjjNA8AB1Namnwo~CBsQByCsBjjuAcABuaDj2wo~CBsQByCsBjjoAsAB5-exsgQ~CBsQByCsBjj1AsAB79XYtgE~CBsQByCsBjjkA8AB17iO0Qg~CBsQByCtBjj8AsABqJWl5As~CBsQByCtBjiCA8ABx87-0ws~CBsQByCtBjiEA8AB3NX48AI~CBsQByCtBjjkA8ABgeKGvgY~CBsQByCtBjjrBMABxo2sew~CBsQByCtBjj3A8AB5OCrlwU~CBsQByCtBjj9A8ABqtiXgAM~CBsQByCuBjiABMAB6Pmp_As~CBsQByCuBjg6wAHQw9uqDg~CBsQByCuBjjWBMAB74_L4gg~CBsQByCuBjjRBcABuZSSmQc~CBsQCiCuBjjmBcABzszrgQs~CBsQCiCuBjj3BMAB_4Tc3wE~CBsQCiCuBjj6BMABuIW5_QY~CBsQCiCuBji1BsAB0dL4nw0~CBsQCiCvBjjfBcABzMygog8~CBsQCiCvBjjsBcABsu36ogE~CBsQCiCvBjjkBsABsobQygo~CBsQCiCvBjjABsAB2obEzQY~CBsQChgBIK8GKK8GMP8NONAHwAGM1djrBA~CBsQChgBIK8GKK8GMIEOONIHwAHF08ugAw~CBsQBiCvBjjPBsABm5qVzQg~CAEQChgBIK8GKK8GMI8OOOAHUKANWMUNYK4NaMYNcPsNePadA4ABypsDiAH6rQmwAQG4AQPAAd6Ov5sB~CBsQBiCgBzjnBcAB0MmUaQ~CBsQBiCgBzjaBsAB-Pa8rA8~CBsQBiCgBzjpBsABhuWntQ4~CBsQBiCgBzj5BsABiZqzzQg~CBsQCiChBzjlBsABp8vJhwo~CBsQCiChBzjyBsABr6rC4Ac~CBsQBiChBzjJCcABj9j4swY~CBsQCiChBzjZB8ABmaDq9AQ~CBsQCiChBzi2CcABi8PO7g8~CBsQCiChBzi1CcAB_erFpgw~CBsQByD9CTgwwAHC0sKmDQ~CBsQByD9CTisA8ABi8KO6wU~CBsQByD-CTjEA8ABj8KO6wU~CBsQAiCwDTjRAcABwtmM1AI~CBsQAiCwDTjTAcABg-nUmwY~CBsQAiCwDTjFAsABnKWs9Ac~CBsQAiCwDTj3A8AB9czX8QI~CBsQAiCxDTjGAsABzLSm1w8~CBsQAiCxDTiABMABidGaxwo~CBsQAiCxDTi8AsABjLT86gk~CBsQAiCyDTieAsABrfzF1wc~CBsQAiCyDTjdBMAB04XqsgI~CBsQAiCyDTiRBMAB7IO7yg4~CBsQAiCzDTi0BMAB2Z2n5gs~CBsQAiCzDTjhBMABi4Td9A0~CBMQAhgBILYNKLYNMPwNOEZQuA1Y3A1gxQ1o3Q1w8A14k6UBgAHnogGIAbD7AaoBFwoRb3BlbnNhbnNjb25kZW5zZWQQDhgEsAEBuAEDwAG26ZCDDQ~CBMQAhgBILcNKLcNMIIOOEpo3Q1w_Q14qJcBgAH8lAGIAbDhAaoBDgoIb3BlbnNhbnMQERgEsAEBuAEDwAG8vY64Dg~CBMQAhgBILgNKLgNMO8NODho3Q1w6w14vpUBgAGSkwGIAcTbAaoBDgoIb3BlbnNhbnMQERgEsAEBuAEDwAGI4NXVDw~CBMQAhgBILgNKLgNMIYOOE5o3Q1wgg54kJEBgAHkjgGIAdDTAaoBDgoIb3BlbnNhbnMQERgEsAEBuAEDwAGN8LeGDA~CBsQCiDTDTgiwAHA1M7vCg~CBsQCiD6DTg1wAH9-5jkBQ~CBsQCiC5Djg6wAGAi4y3Aw~CBsQDSDbDjhKwAHkg5-oDQ~CBsQDSDeDjhOwAHxteAY~CBsQDSDgDjj1AcABwpKj2gI~CBsQDSDhDjhawAGc1d-5Dw~CBsQDSDkDjiPAsABrPDAqQE~CBsQDSDnDjjnAcAB27vP_ws~CBsQDSDrDjhowAGFzO2ZCQ~CBsQDSDsDjhowAGFzO2ZCQ~CBsQDSDvDjivAsAB2uGGnQE~CBsQDSDyDjj0AcAB6fz9qQw~CBsQDSD1Djg9wAHzx6Q3~CBsQDSCCDzidAcABtuW1xw4~CBsQDSCCDzieAcABtuW1xw4~CBsQDSCDDzhIwAGDisnfBw~CEMQChgBIJAPKJAPMLYPOCZokg9wnw9467QIgAG_sgiIAZ_qGrABAbgBA8ABoqGU9AI~CDwQDRgBIJIPKJIPMOUPOFNQkw9YsA9gkw9otA9w5A94lQaAAekDiAGhCLABAbgBA8AB6NSvzQk~CBsQChgBIKIPKKIPMNIQOLABwAHhwJnRCA~CBsQCiCyDzhOwAHr7fCgAg~CBsQChgBILMPKLMPMLsQOIkBwAGq4LnoCw~CBsQBxgBILMPKLMPMI0QOFrAAcb1uj8~CBsQBxgBILMPKLMPMNYPOCPAAa3-5YsB~CBsQChgBILkPKLkPMPIPODrAAYzV2OsE~CBsQCiC7DzhCwAHZ67DzCg~CAMQChgBIMsPKMsPMJUQOEpozA9w_Q94zbwIgAGhugiIAbyAGbABAbgBA8ABvd7eag~CCgQBRgBIN8PKN8PMJgQODlQ4g9YhxBg8A9ohxBwlxB4wiKAAZYgiAHxRrABAbgBA8AB6_jA-gw~CBsQBiD7DzgrwAHa-rM3~CBsQBhgBIPsPKPsPML8QOETAAd6F_4YN~CBsQBiD7DzgrwAHa-rM3~CBsQCiD_DzgiwAGC5c-QDw~CBkQChgBIJkQKJkQMK8QOBZomhBwqRB40cABgAGlvgGIAf_-A7ABAbgBA8ABlN3A2AU~CBsQCiCfEDhcwAGuyIaXAw~CBsQCiCfEDhBwAGH-OfvBA~CBsQCiCfEDgqwAHZ7qPBCQ~CBsQCiCgEDhNwAHKhJ38Cg~CBsQCiCgEDg2wAHHpsTRBg~CBsQCiCgEDhTwAGa57v_BQ~CBsQCiCgEDhcwAHooseIBg~CBsQCiCgEDhmwAHpnPb4Dw~CBsQCiCgEDhXwAG-lNn1AQ~CBsQDSC6EDgawAGAkfKHCA~CBsQBiC8EDgpwAHbp7SGDA~CBsQARgBIOAQKOAQMKEROEHAAYCw2fQC~CCgQARgBIOEQKOEQMK8ROE7AAdPno8oF~CBsQBhgBIOEQKOEQMKIROEFA5xBI5xBQ5xBYihFg9BBoihFwoRF41gKAASqIASqwAQG4AQPAAf23jOYB~CCgQDRgBIPMQKPMQMK8RODzAAeKygLkD~CBsQBhgBIPgRKPgRMJISOBpo-hFwkhJ41gKAASqIASqwAQG4AQPAAf_m6MwL~CBsQBhgBIPgRKPgRMJQSOBto-hFwkxJ41gKAASqIASqwAQG4AQPAAf23jOYB~CBsQDSCiDTiIBcAB7_e50Qc~CBsQAiC0DTiRBcABjamswgo~CBsQAiC0DTikBcABo5jfwQo~CBsQAiC1DTjRBcABucahvAQ~CBsQAiC1DTjTBcABiKnr-Qw~CBwQChgBIKwRKKwRML0ROBForBFwuhF4iK0BgAHcqgGIAci8A7ABAbgBA8ABq8PiuAw~CBsQDSCSEjg7wAGW-vW6Cg~CBsQARgBIKkSKKkSMN0SODPAAaSg_KUH
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		95 KB
43 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3975831450135493&correlator=2728552614537249&eid=31079667%2C31079674%2C31079239%2C31079525%2C31061691%2C31061693&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=2507246%3A1005862%2Cuscho.com_Web_300x250_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250&fluid=height&ifi=10&didk=570410235&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1700174295011&lmt=1700174295&adxs=1205&adys=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rumc=3975831450135493&rume=1&vis=1&psz=285x-1&msz=300x-1&fws=0&ohw=0&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=true&dlt=1700174293335&idt=1247&prev_scp=aid%3D9e3a8ae5-61a9-46b0-9b1c-9fabd7f190ab%26ib%3Dnofill%26iaid%3Dnofill%26iba%3D0%26at%3D1%26h%3D22%26utier%3D0%26tg_utier%3D0_0%26itier%3D3%26tg_itier%3D0_3%26tg%3D0%26shb%3D0%26it%3Dil&adks=4240730683&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f9869e71eda7907cae8778852d86f276849e4916dbfb9d445e065e79ec612532
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44430
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		29 KB
12 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3975831450135493&correlator=2728552614537249&eid=31079667%2C31079674%2C31079239%2C31079525%2C31061691%2C31061693&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=2507246%3A1005862%2Cuscho.com_Web_300x250_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250&fluid=height&ifi=11&didk=570410234&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1700174295017&lmt=1700174295&adxs=1205&adys=3405&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&rumc=3975831450135493&rume=1&vis=1&psz=285x-1&msz=300x-1&fws=0&ohw=0&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=true&dlt=1700174293335&idt=1247&prev_scp=aid%3D9e3a8ae5-61a9-46b0-9b1c-9fabd7f190ab%26ib%3Dnofill%26iaid%3Dnofill%26iba%3D0%26at%3D1%26h%3D22%26utier%3D0%26tg_utier%3D0_0%26itier%3D3%26tg_itier%3D0_3%26tg%3D0%26shb%3D0%26it%3Dil&adks=1677946569&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f54afe71a5f43868a0077fbd51912f35f843fa889c0b22f2a398e553bd527518
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12690
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 96E4 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Fri, 15 Nov 2024 22:38:15 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sid
mug.criteo.com/ Frame 19D9
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=uscho.com&sn=ChromeSyncframe&so=0&topUrl=wwwproxy.uscho.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=zFib6XxhZE9LTWJGWVVpenJqZlBySDFhWGo4Rnd5VFcwTE8yTHVWVDk0UFBvRlp0RXEvb2pFcFZtb2taRzFvK3Vwd1JXRG5NbFJVaFd3bGFVd1cvdzkvNlFDSFV6MENIMTRlQXE1ckpmTkV5SnloK2pFN3g5Rnl3YXJXZj...
449 B
659 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=zFib6XxhZE9LTWJGWVVpenJqZlBySDFhWGo4Rnd5VFcwTE8yTHVWVDk0UFBvRlp0RXEvb2pFcFZtb2taRzFvK3Vwd1JXRG5NbFJVaFd3bGFVd1cvdzkvNlFDSFV6MENIMTRlQXE1ckpmTkV5SnloK2pFN3g5Rnl3YXJXZjlvTXo4NGpnK0FhRjMrcHg0azgwVjZnS1lpSDRKTHkxcnQ4RFVZYVhSMmlrbjBncTF6T3kvNVZ5UmRhVUlhNTgvemRIUU1hOGF4TjFiUEhKRVV2QnRhOGVUS041WmVJTFA5akZaZEdNQVpMUEZ5cGRlRTRQam56bGg2cktHVWNhZU1oc2xwTWVqbmppMmtFZDl1THRPV1BnSC9aQ0QrZz09fA&cppv=2
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
17cdc475987f8af44a66cef3d1539fbbb7c0790969230ce34266a2c25b8733f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:14 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1078312
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=zFib6XxhZE9LTWJGWVVpenJqZlBySDFhWGo4Rnd5VFcwTE8yTHVWVDk0UFBvRlp0RXEvb2pFcFZtb2taRzFvK3Vwd1JXRG5NbFJVaFd3bGFVd1cvdzkvNlFDSFV6MENIMTRlQXE1ckpmTkV5SnloK2pFN3g5Rnl3YXJXZjlvTXo4NGpnK0FhRjMrcHg0azgwVjZnS1lpSDRKTHkxcnQ4RFVZYVhSMmlrbjBncTF6T3kvNVZ5UmRhVUlhNTgvemRIUU1hOGF4TjFiUEhKRVV2QnRhOGVUS041WmVJTFA5akZaZEdNQVpMUEZ5cGRlRTRQam56bGg2cktHVWNhZU1oc2xwTWVqbmppMmtFZDl1THRPV1BnSC9aQ0QrZz09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
343082
content-length
0
expires
0
ads
googleads.g.doubleclick.net/pagead/ Frame B338 		27 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ab9525531212106d7044eef898676595880d0a08d6f9e9537e8c21e8f21219f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
11625
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Thu, 16 Nov 2023 22:38:15 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
authIframe.js
auth.instiengage.com/auth/ Frame 5F9D 		65 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.instiengage.com/auth/authIframe.js?v=1
Requested by
Host: auth.instiengage.com
URL: https://auth.instiengage.com/auth/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:25a2:1800:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d1d05642e23866a6d7fb1b165615355e7c01fffaf89c61e9c14c0beecb96ae23

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.instiengage.com/auth/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
.lK6ICx53soEeOpFisF5xs3WBNt5Sw79
content-encoding
br
via
1.1 2177a1d449a3e8dc7269040f15d81cb0.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 22:36:27 GMT
last-modified
Thu, 11 May 2023 11:38:01 GMT
server
AmazonS3
x-amz-cf-pop
ZRH55-P1
age
109
x-amz-server-side-encryption
AES256
etag
W/"e0bffec4a3929b23d4347f914449f5cb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300
x-amz-cf-id
10II2a5rfuabWXDMQGpRxo0aN3oSp7DKcfQd7jXBHlnjtL3SCRiuXQ==
uma.gif
www.uscho.com/images/logos/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.uscho.com/images/logos/uma.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8d14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7231f5d6814a8eb17b1590e4a49895dd69583f31ada43dd63838f868d061af25
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
x-ezoic-cdn
Miss
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400
x-ezoic-excludewebp
false
referrer-policy
same-origin
response
200
last-modified
Mon, 09 Oct 2023 17:14:47 GMT
server
cloudflare
x-origin-cache-control
max-age=315360000
vary
Accept-Encoding,X-Ezoic-Excludewebp,User-Agent,Origin
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WmgSGk6Dl5jjRRgprpt5EJKR16Mp00slPA2fn6pJFvg3ivRGe6jGAE3edMwlNzrqED6qtFPOmJlJKYk%2FG5ktSYynJFGmcaF%2Bsw0%2BKXcjo5BbNPb4wczKmgXzJl4f17qoZOAm3yVf9jGNuELM"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=3600
cf-ray
827339209f699b70-FRA
pc.gif
www.uscho.com/images/logos/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.uscho.com/images/logos/pc.gif
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8d14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f878b274a38de5001f17126a165d8e990267d5d28b1e8dc3661f1728eb54256
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display
staticcontent_sol
x-ezoic-cdn
Miss
x-middleton-display
staticcontent_sol
x-middleton-response
200
alt-svc
h3=":443"; ma=86400
x-ezoic-excludewebp
false
referrer-policy
same-origin
response
200
last-modified
Mon, 09 Oct 2023 17:14:47 GMT
server
cloudflare
x-origin-cache-control
max-age=315360000
vary
Accept-Encoding,X-Ezoic-Excludewebp,User-Agent,Origin
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8cL8lUSxULs%2FM39MPuGIDv%2BXkfvRIBIIV%2BCCClteiqPPT2ogeS6dC6F4aEJCqsV70dFudRsUuYdPr6owQNoysc5FDuL1jX7ORJiJwjgvjULd024cbMmbl0Pi1e1qs24%2FMB%2B2s0AJsJ1vAo%2BX"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=3600
cf-ray
827339209f689b70-FRA
sliderleft.png
wwwproxy.uscho.com/wp-content/themes/uscho-np/img/ 		795 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/img/sliderleft.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/style.css?ver=9.0.68
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
cc4c5c8e3d1bf32ad091e720ce9f7c22111ec003e84e6a4570b386b0fb0b210a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/style.css?ver=9.0.68
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:15 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sat, 14 Oct 2017 00:09:54 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
795
Expires
Thu, 31 Dec 2037 23:55:55 GMT
sliderright.png
wwwproxy.uscho.com/wp-content/themes/uscho-np/img/ 		758 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/img/sliderright.png
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/wp-content/themes/uscho-np/style.css?ver=9.0.68
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.50.245 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
793bdfab72ad84a40b06db22176e14c6654329c1accc292a36c06228afd662c6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wwwproxy.uscho.com/wp-content/themes/uscho-np/style.css?ver=9.0.68
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:15 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Sat, 14 Oct 2017 00:16:23 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
758
Expires
Thu, 31 Dec 2037 23:55:55 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 2CE1 		27 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e8eabe7bc46b4d7aa7fe42977cb711ab291068a6cf39b2104ae85ad3784eb7ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
11618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Thu, 16 Nov 2023 22:38:15 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 97C1 		35 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
970be70829bb6f5d9ef701170b2c75b03c08c8840240f4fd59216a367e08c9e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
13403
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Thu, 16 Nov 2023 22:38:15 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
csi
csi.gstatic.com/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=3~lp1rvlxr&c=3975831450135493&e=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C31061691%2C31061693&ctx=1&met.6=6.1_CgsYjBQgXCoECAESAA
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
11567692199716635213
tpc.googlesyndication.com/simgad/ Frame 6D48 		38 KB
39 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/11567692199716635213?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmOWDHmRP8cPYqTVQ6YOwGaUqj9Xg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
77d5d50cdf09b1b8973935a132959dee7fb25e7d08c6daceef541979e030f7d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 10:54:34 GMT
x-content-type-options
nosniff
age
42221
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39349
x-xss-protection
0
last-modified
Thu, 22 Sep 2022 15:46:54 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 15 Nov 2024 10:54:34 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 6D48 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9282
x-xss-protection
0
server
cafe
etag
14645652906762492339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6D48 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6D48 		20 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 21:33:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
3909
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 21:33:06 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 6D48 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
one_click_handler_one_afma_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6D48 		36 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/one_click_handler_one_afma_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a3e5c486ca9cab98b690f2f3fcc83c73141a667293c8a8236bb1e376313f0e36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 16:55:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
20585
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14803
x-xss-protection
0
server
cafe
etag
12205605038930952422
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 16:55:10 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame CF35 		143 B
166 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1584
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:11:51 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
container.html
5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 770E 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202310231203/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Fri, 15 Nov 2024 22:38:15 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame CF35
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Thu, 16 Nov 2023 22:38:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame FF85 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CTqtQl-Uarj0LH_KrRgbUBR7ieGyxcNUYUsmgsP9WI22Mg6Hsho-WFfkeztcSvnuGoV4C0Gq0I2qxM1YGzH8r4gphK-Z6YfqSi0LrnUvjBJI-OEzY
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FF85 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FF85 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 21:33:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
3909
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 21:33:06 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame FF85 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 51F7 		624 B
246 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CMe68vACEMyGzM8DGIbthPMBMAE&v=APEucNVnKnttZUEEEqLYxp9ou4snhVdE-zq6YsnxnoDqwpLmyNsI5tNChpXt_OYnjkGU_xfgyspBlPSGGCjh8DQtip0KFrl1fvcjbnVAtprT1QFkWHm01QW3CnG_GUr86IaWUbVi_ITtF6PRvOADCm594FYPu0X8QfMHt06CXvFiVsD1kbLbme8
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Thu, 16 Nov 2023 22:38:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame FF85 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:58:47 GMT
content-encoding
br
x-content-type-options
nosniff
age
23968
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9282
x-xss-protection
0
server
cafe
etag
14645652906762492339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:58:47 GMT
omrhp_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame FF85 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
28411
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3071
x-xss-protection
0
server
cafe
etag
10674441169935035545
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:44 GMT
view
ad.doubleclick.net/pcs/ Frame FF85 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjssU7Mb9w2EEpur2AJ25tRWjwt3mpLGPImq0LcUtokt_dPsnetXQjQlqd46ReK5E6xU6A5KLoKbJ2CkrvkzjUyYdnxIZ7OSo94H0mrizS19DBRcjo-7SAwt9IQGm34PAxOLDiedrjJ60gP28Gdkts8zvWbR4X3kNJ1ubZ_im5Hc6WZPQYdWCuG3zu69a4TKwLnr0vN97NUOtkROde13Osd00P_om20cYigU0zWrR3sK04z0X_n5Um0m_-bl8fSOIBccrinf5ziKOliC3o1stSzm5bj8gDvx2M3E2Pp3oknbW6Hrq4jzehLxecYcFa9qkF42B6WDGpD2hHHI8blvCILRTT1DXAYiJA0lr-lIuGx1bK2sDdd3bWp-3LnmFwt5kBrxpiJ3GxQfSxs_b7sPpNG0PyWFgYwb6XLXzmimu0Xm5jsXA4sxi4F8SP05d0wTmGYC-dNvcSjXZG9kbsJPSzNTwg08P0-i4yLmAICmcdtKaUgca6L4mz3OvK1mbc6Hj7__tdUnSzzO8kjGf_Kb5LnceDazts9feEMXgEWyNWHrKSDnSfRM4kdkr-oNKuSRCIX2bvttp81zs-lm5-Fz93t-EaY8bMFI6l_5NYaz2GTf0SxYyDUiULWL-LtyYdqXngIAG7siWmlYjEs7B56ue-X0aQ2jE78TxxrlUWQAgu0JEEDeyb61TNG2Skk2gF8uc3SxraGioXgqxxjdRoqQTv-jCnS10WIUf8B7KOKbeLsyehdYy9VWuqqusY-JOhyoabAmptW6abcX2d1xrM5NASqjbn7q6Pqv3_qJesIvNJ92lTNTIOu1Ec-VLI3LJWqbBDSeP_QD0gQYJAKs_lK8a0_SiSE92nU3Ccn22GYuQiNkY7PwjLIqWT8LfWiPMVexR-V9EPA_5ALUuddZP4QTGisBeS2ygKBoz_diZhNtpeXUJJZAw0hJSiK982nvNhcZyYxAnSfvwJFkKVnhBFN7uW9wrt0js6JxbeN6Lf2m6zSdEQ1Gq_JcCRjqkPL7cX9YQe3QTV3Tb3MxUDTJxgy-VxF2CojWiaqshf21jyPdCMDOQLBbVxRMzFBzV74ewUfJJGqZHjBADqAw2EAMBlVXk-ZdjYs8xT2vh6PgUMMOAFwKNE7Z3o6VGVW7Y3IuffdoEfi4hxRdK5EQfUFPl91TTJPCXqXSw0wCPiDZt2a1V1xMuHdnuDsCb8xJfUxYvaJXSTrf7WDGONcctpe1nNBftaxZ1ew8TkgE8MSrCsyBzNo_emJ9vqj-ZOuZ4XHgZDHD2KBSyYSsGqOtBLAHoDELt3t_Drs1twNRySGyqyozt2Llqffk2uPCddj1PLjb4tAGxIGieoZQyTBpAtNAn6fioTwkSYXxc7E9p42Nn5p3TXVRR1emsKvr0xHoGr6HzHaleLQBysq4QiYBTSMww0Aov0TfRG3rIhsFny2CwsurgLEBii1hCFBNtljkiiys&sai=AMfl-YQUx2GM7COJUAjbqksIqNR0GXNkO_T33lWKE448BHFPvpddepPwDhsSMDQq6GwEhyJeO-Ps60NvW0IirD61FI__FT_LGklMfj7e2dkCaH9bVw0u36sAM0JuirZl3rQieFq3ZibojRMumo5ug-CnEBkuwbKyKKrD6O9l8mFodFHYisFOLzm5tvkY5CAN3eE5mi6Li9GDEI0H80T083S65wSLY5R180sC3lw8iQRjQPZwq4Vk5srw0nyT7ruSwe2HqbpUijTEImeaX8uyON9NlEkaC7o52RMOf3h-e0mJZ4dbZ6OZqtY7TReuTDOZNFtbys9Ne5ypx6glLvHoCLl2qHqQkTN1vPO_F8ws2_cp6Rm7JSTatSQMCXs5-sfgjjTHMaT2-KTp4E9mCFCigeGgEJ6YkdHWe3Mr6mxGCyjsARrMrfBH5JZrPK4ZUUN1QCmlcCMs8Fu7AorZ1lPauDXRfD5ogkH9Pd7KXlMKk14GTrAg_4wdyWBGHKhel9gM2W49EVCoOOY&sig=Cg0ArKJSzMWaZ30yLpl6EAE&uach_m=[UACH]&pr=missingexchangepricemacro&crd=aHR0cHM6Ly90cmF2ZWxjbGljay5jb20&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231109.50887&arae=0&ftch=1&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame FF85 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
28411
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Nov 2024 14:44:44 GMT
172315775997852598
s0.2mdn.net/simgad/ Frame FF85 		138 KB
139 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/172315775997852598
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9f13082adbde42d586e885d84bd45545dde96c0098b678bbb4ed8a961511edef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 15:36:17 GMT
x-content-type-options
nosniff
age
284518
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141673
x-xss-protection
0
last-modified
Wed, 09 Aug 2023 13:25:51 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 12 Nov 2024 15:36:17 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B338 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C8XQee-QGRS9i2e1wro4swrtzTI_WvsX_Jb7MZtyDiTTD2RfMSn1t7IbDVFnb0DFg0aG89Nn03W3zEGL1zrh5jXzSoHeouAXvWxeP1Ut6ORPClqgI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B338 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7448453724097451536&x=1&ct=76
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame B338 		89 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B338 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B338 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 21:33:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
3909
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 21:33:06 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame B338 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2CE1 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cemlppx5yWpeZLtDU0boQ32Is2SkHZLP0a97fsjSRGwVOwBjBzcfmOrwZFIJ8lycRQHqR59PXgC8jIJF9njAfP9DMy-hQeR2OPxBHbhn5Hf4STGxA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2CE1 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3189723862143340214&x=1&ct=76
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 2CE1 		89 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 2CE1 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 2CE1 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 21:33:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
3909
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 21:33:06 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 2CE1 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame D95D 		624 B
242 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CMihxfQDEJCx_YAEGOmzs_wBMAE&v=APEucNWHjeA6PhERB0GIFRkAnwz9nwK_nozjMzeT48cuOzQ4AFNEUAYgKLhlrGUdtoatK-nNB3CylJZU9j37_SsAwNlEPOCm7U-lhvRq4jJRazje9pQoZlaRV7qLGBNLYQzBYMLoilQhgKA-qTwHgjf2IaNZfw7NUSExquDeZygwfPDsyvGVkO4
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 770E 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:58:47 GMT
content-encoding
br
x-content-type-options
nosniff
age
23968
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9282
x-xss-protection
0
server
cafe
etag
14645652906762492339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:58:47 GMT
omrhp_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 770E 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
28411
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3071
x-xss-protection
0
server
cafe
etag
10674441169935035545
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:44 GMT
view
ad.doubleclick.net/pcs/ Frame 770E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjsvgXLl_SPGgQT-42-lvMXwPggTgRewgn_KdvUU5IfjBhBqUxDr_lawt7B9C6CFuOPct2NNMf93o1Vv8-DRZl1Iy9L65JWM_uzziFFkqNdnPX-poFs3hCuitBCjoNpJc-YqO9Doxo2_RZCjYDH1ja3jDDTQo9OPQtkv_vxz_XtOXk7tVOkRoWhnybQVzrsg02c4LVpt6wCaccr3jfLLifn5hZl27sGxHuuwWLAE7tcoBMVXoGAw6Go0yYEtlKl4qhqU44IIlbcW2t6X8lEdOYmcXubENvIDCz9EXD-jPbznUx5SgdNgmCFLQMsCaou45PO-jGyABDLLeuvs-gStUdPjqDKYR_UIJlpgizIdK8ogjJTW5_0BYBumLPMvJABHz1o5ZlptHHZXWw3JdWY0RRIkqnXQ454HRkWf2UHBhuouJg08wloiZTWI1lyKRZuxNQ2gtFpBLTwuhlgrClQRamVHnU0HEf_stOG4cACRt9S7NAN4hu4H4f3PR-ss2jiT50XxEHTF4OA1YT7lXRKLYgwLZtsrRwS630B_Dn2Qy40zVrpRSrtDWUEwft2zAtCIi71Sp4j4lSgHry3EvEEV1knzpdbav96mvOBypq8QB_u2e5cN5CGzxCNFXAUuny4WvPSWXh5zgEcrJKJwNIawczDtIssmpdYQfIT6lKjOQCk2Oebk1iYSGTaBboWDXyQl6toy1Iv-7JeRlKcIrfBK_8dr6TO-7rZilyi-tPNRa5ZyN7e5TDeG0nKHfE-QS36cMpPO-eKtSC3lwJhn5MSEKA2UYp_0sF5cNfdkamha9aTlzVJxxc-PZ45X0ffPhaO2ycv_9OWAFTwv1H4_e0-1P5PuTxKkG8bixyppnJ8Py9re6hjVlF328gQJ96Dsw5vlie92HK8aXgs_HavK-VjP1IeG5psM9edi3OBz_q5BGJ8tp-XV5Izsdpz7nagMdQxx2sspYeWx86sZo44rxYm3gnndshdcDImIFd0SB3VqUSrqgwDCxQ07zra1KbzsETPvTe5iquXLUrlPcHgdZLYgil17se4lnFAzrop1ZFjxJdSsYAdpEYt7TvJmRVd4i0sM91Drsgdw0hu1-t__oOQMtpU1rwAVfv6tCAlO_9BVrXs8Nk66B1y3CdLzC4sxk46X1FaSiTL7wJgWeF14mJafUmM9gg-8P1b5Jxa2jkJlPTDhLuCv-S9oC6SlAUIR0ser1RY0t2UZLh6r4KHFKd1SiQcypcdbnArbuMbesjJKwA8CfiVKMvS9p4sJwZ3Zjsa88bFBe8JOC0XoAegQbWv-opZxSsZrjY-2R18dpmGs8viwsRJVVjVzmoZS0J7xgIswbt1Bdk9sIrMaGKm2hIN8xkVnfWuEyx2iPyvb2sKkoa_azYXqiAyE9xr00hOJrT9JQK1JhbuYcU-e-aIzFpJ2Av0Zf9gorTIcN4d3BLPtyWrAh23SdLNgNghproQnip396flS5DtWYKu8dcQXLT-Gm63rs5RXdgzei25SmrkkAHgNwFbNTgg&sai=AMfl-YTkaVk_rZ-cncR7yAdBN8ApqL-eXLuAWQhtQtpvkb7obIgEQQUC_5FfJqb5GCSr199xoJvi_UEOwWAV8iTOm4vpQ6QO6v_GkKjnEg-YZhe1mFMBUDuTvtTz1BlpBMb_3rNRkOw3FRDyVEFsm9sJzKlWzPzx0uybGFGHgUJm3Ofvpm4ZQRLSEVYMhiLiXhLpLTHiWTBbIWhkGrq3NXqbfCk5_Qsj0stKwS-w-rGNNmIjItRAzFKLuzOyc6tkuEgQD-9EGqtKxRKGT1mpfyPXDgyBfQNV7r47lGv8HEKUaHheenICsm_4aPDE9crAtUMXvctZ4urerqhr5hKzuHc5sYmMbhgp68p8b5uFuTU9Om7i-ioYUPycFz1WcAh2s0xSLxAgikMvFX1sENJK6bb7zc45JzAB6TLDLX8eba9j4J83d4P6jEAZlN2wbAb2jTyLXyj8Laucu7TC6hF-4fCSKYx7I54VEdcIYRnUgBAg1QzAehqXwWY3UUqOKZ64H3XL5vaJ4xt_5zbT9A&sig=Cg0ArKJSzPnM-urr8-TQEAE&uach_m=[UACH]&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ib290LmRl&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231109.03943&arae=0&ftch=1&adurl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
content-type
image/gif
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 770E 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
28411
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Nov 2024 14:44:44 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 770E 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 770E 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 21:33:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
3909
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 21:33:06 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 770E 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CWnlC9vCOEKC2U3IHiHR_LYXGpUXtajkGz0BQsowr-DIsC1YQTUQCrqoXbUbHGPYokXdnlu3Es3RAq34mnrT6mYtKKR1jfM0jU764Kx5EzTuz50JY
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 770E 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
pixel
protected-by.clarium.io/ Frame 770E 		68 B
244 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://protected-by.clarium.io/pixel?tag=wt_RnNlZXpfLW5EeVdRWElKc2Jub0trS1RIWEM0LzI4OTYyMTcyNDA6MzAweDI1MA==&v=5&s=v31hfd4hsh4&id=eyJkZnAiOnsiYWQiOjQ5NzM3Mzc2LCJjIjpudWxsLCJsIjowLCJvIjoyODk2MjE3MjQwLCJBIjoiLzI1MDcyNDYsMTAwNTg2Mi91c2Noby5jb21fV2ViXzMwMHgyNTBfMSIsInkiOjAsImNvIjowLCJzIjoiZGl2LWluc3RpY2F0b3ItYWQtMSJ9fQ%3D%3D&cb=8319542&h=wwwproxy.uscho.com&d=eyJ3aCI6IlJuTmxaWHBmTFc1RWVWZFJXRWxLYzJKdWIwdHJTMVJJV0VNMEx6STRPVFl5TVRjeU5EQTZNekF3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyODk2MjE3MjQwLCJ3IjoiMzAwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.15.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-15-230.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type
image/png
pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
cache-control
no-store, no-cache, must-revalidate, max-age=0
server
nginx/1.18.0 (Ubuntu)
expires
Sat, 26 Jul 1997 05:00:00 GMT
11839226774894374011
s0.2mdn.net/simgad/ Frame 770E 		86 KB
86 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/11839226774894374011
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
249fa1b84f753e84df5068ec2ad21ffe5b018bac7bfe38b24a9e2207f4cc8a7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 21:16:38 GMT
x-content-type-options
nosniff
age
177697
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
88126
x-xss-protection
0
last-modified
Mon, 30 Oct 2023 13:52:46 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 13 Nov 2024 21:16:38 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 4782 		640 B
262 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYgvTNxQEwAQ&v=APEucNVlGBA69ceMOERb7TTMnuq9P-vkoJqoR4llemlbO7Z009DYnKJoVY6OhItN-3PkEveYrDCPFOKfvDKIHSmNLLTlJqBR0p5c1-nrnFsueGgAaIU6FQcGWRYJLKUfsL9Iso4xY_i3HTodkNFPeA9a7trc4fCGCu-Bxlo0p9gy7heBikC0VDA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
242
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
pd
google-bidout-d.openx.net/w/1.0/ Frame 33A8 		0
91 B 		Document
General
Check archive.org
Download Go to
Full URL
https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by
Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Thu, 16 Nov 2023 22:38:15 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
csi
csi.gstatic.com/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=4~lp1rvm3k&c=3975831450135493&e=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C31061691%2C31061693&ctx=1&met.6=6.1_Cg8YqRcgfSoICAYSBBABMAE&qqid.1=CIGfp-fKyYIDFTij_QcdDXMDhQ
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ Frame F37B 		14 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 20:44:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Nov 2023 22:38:15 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame F37B 		2 KB
822 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 15:51:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
24410
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 15:51:25 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame F37B 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9282
x-xss-protection
0
server
cafe
etag
14645652906762492339
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame F37B 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame F37B 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 21:33:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
3909
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 21:33:06 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame F37B 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
a6de5423b7c632060e8f86136bd5d27a.js
www.gstatic.com/mysidia/ Frame F37B 		37 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 06:24:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
317623
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15478
x-xss-protection
0
last-modified
Thu, 09 Nov 2023 22:22:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sun, 11 Feb 2024 06:24:32 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame FD32 		466 B
235 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYgvTNxQEwAQ&v=APEucNXohrKThteY5TLfDxLFhBDuhvz2N_0XMNuInab1xywgXpCcIfOos1hl7y0JBcfcqHwP-N6S6xYctRirMJWuix9SfLvd3JiLAFNMBb1LAJuEGQ8iSr7D840z8z6fr8SSV7qgSBMx6dc3WSAopPpPnOWynNO0IBLywhwxvUOIRtxFQWx_zy4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
215
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
rum
dsum-sec.casalemedia.com/ Frame 51F7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
43 B
773 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMe68vACEMyGzM8DGIbthPMBMAE&v=APEucNVnKnttZUEEEqLYxp9ou4snhVdE-zq6YsnxnoDqwpLmyNsI5tNChpXt_OYnjkGU_xfgyspBlPSGGCjh8DQtip0KFrl1fvcjbnVAtprT1QFkWHm01QW3CnG_GUr86IaWUbVi_ITtF6PRvOADCm594FYPu0X8QfMHt06CXvFiVsD1kbLbme8
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8gIPUbnYmWZzlVFtwMRZIhkQwmGjnFTFA4uuI6tq6BHRR%2BFg7GLQhy7bOZ%2BJszbtKMNmuooxTEi7BiHTzoiUv1rklSnp%2B4CVaV5FdV0w%2BGsmAlEmK958mlZpd%2Bb%2B0C7yLXYjTkxA490LCg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82733924585dbb55-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 51F7
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVaZ1wuGuA8t6El6il2hVgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
43 B
727 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMe68vACEMyGzM8DGIbthPMBMAE&v=APEucNVnKnttZUEEEqLYxp9ou4snhVdE-zq6YsnxnoDqwpLmyNsI5tNChpXt_OYnjkGU_xfgyspBlPSGGCjh8DQtip0KFrl1fvcjbnVAtprT1QFkWHm01QW3CnG_GUr86IaWUbVi_ITtF6PRvOADCm594FYPu0X8QfMHt06CXvFiVsD1kbLbme8
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P9luAFjtJ%2BcmD2F7dei2gKbfAroBVrqGXn%2FeVhFpzmip1KVqQww5sHhshgSrBRNV637iUWM3vwHsJi8cBUpF3Qm2bctkbZD0Lda3vV9mBCeKTtoZ1M591gwDrC0zced8zyWGHbI2ha89ng%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82733924b8a6bb55-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 51F7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHu3JYS_kFG8CMxr91OAB64&google_cver=1
43 B
843 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHu3JYS_kFG8CMxr91OAB64&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMe68vACEMyGzM8DGIbthPMBMAE&v=APEucNVnKnttZUEEEqLYxp9ou4snhVdE-zq6YsnxnoDqwpLmyNsI5tNChpXt_OYnjkGU_xfgyspBlPSGGCjh8DQtip0KFrl1fvcjbnVAtprT1QFkWHm01QW3CnG_GUr86IaWUbVi_ITtF6PRvOADCm594FYPu0X8QfMHt06CXvFiVsD1kbLbme8
Protocol
H2
Server
37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
an-x-request-uuid
4225fc09-c1ee-477f-a1ca-fec6e4287616
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
178.162.209.140; 178.162.209.140; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHu3JYS_kFG8CMxr91OAB64&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 51F7
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQxNDcxMTE0NTE4NzUxODIxOQ%3D%3D
170 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQxNDcxMTE0NTE4NzUxODIxOQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMe68vACEMyGzM8DGIbthPMBMAE&v=APEucNVnKnttZUEEEqLYxp9ou4snhVdE-zq6YsnxnoDqwpLmyNsI5tNChpXt_OYnjkGU_xfgyspBlPSGGCjh8DQtip0KFrl1fvcjbnVAtprT1QFkWHm01QW3CnG_GUr86IaWUbVi_ITtF6PRvOADCm594FYPu0X8QfMHt06CXvFiVsD1kbLbme8
Protocol
H2
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
an-x-request-uuid
1aba57d5-df5d-4d70-81bb-171f485595d6
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQxNDcxMTE0NTE4NzUxODIxOQ%3D%3D
x-proxy-origin
178.162.209.140; 178.162.209.140; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ 		160 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/reactive_library_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c6b461e28398566c5400381c27546e3c6d5e6ea790d53afa6ac2c64148772ac9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55796
x-xss-protection
0
server
cafe
etag
1094707591277047806
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
view
ad.doubleclick.net/pcs/ Frame FF85 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjssU7Mb9w2EEpur2AJ25tRWjwt3mpLGPImq0LcUtokt_dPsnetXQjQlqd46ReK5E6xU6A5KLoKbJ2CkrvkzjUyYdnxIZ7OSo94H0mrizS19DBRcjo-7SAwt9IQGm34PAxOLDiedrjJ60gP28Gdkts8zvWbR4X3kNJ1ubZ_im5Hc6WZPQYdWCuG3zu69a4TKwLnr0vN97NUOtkROde13Osd00P_om20cYigU0zWrR3sK04z0X_n5Um0m_-bl8fSOIBccrinf5ziKOliC3o1stSzm5bj8gDvx2M3E2Pp3oknbW6Hrq4jzehLxecYcFa9qkF42B6WDGpD2hHHI8blvCILRTT1DXAYiJA0lr-lIuGx1bK2sDdd3bWp-3LnmFwt5kBrxpiJ3GxQfSxs_b7sPpNG0PyWFgYwb6XLXzmimu0Xm5jsXA4sxi4F8SP05d0wTmGYC-dNvcSjXZG9kbsJPSzNTwg08P0-i4yLmAICmcdtKaUgca6L4mz3OvK1mbc6Hj7__tdUnSzzO8kjGf_Kb5LnceDazts9feEMXgEWyNWHrKSDnSfRM4kdkr-oNKuSRCIX2bvttp81zs-lm5-Fz93t-EaY8bMFI6l_5NYaz2GTf0SxYyDUiULWL-LtyYdqXngIAG7siWmlYjEs7B56ue-X0aQ2jE78TxxrlUWQAgu0JEEDeyb61TNG2Skk2gF8uc3SxraGioXgqxxjdRoqQTv-jCnS10WIUf8B7KOKbeLsyehdYy9VWuqqusY-JOhyoabAmptW6abcX2d1xrM5NASqjbn7q6Pqv3_qJesIvNJ92lTNTIOu1Ec-VLI3LJWqbBDSeP_QD0gQYJAKs_lK8a0_SiSE92nU3Ccn22GYuQiNkY7PwjLIqWT8LfWiPMVexR-V9EPA_5ALUuddZP4QTGisBeS2ygKBoz_diZhNtpeXUJJZAw0hJSiK982nvNhcZyYxAnSfvwJFkKVnhBFN7uW9wrt0js6JxbeN6Lf2m6zSdEQ1Gq_JcCRjqkPL7cX9YQe3QTV3Tb3MxUDTJxgy-VxF2CojWiaqshf21jyPdCMDOQLBbVxRMzFBzV74ewUfJJGqZHjBADqAw2EAMBlVXk-ZdjYs8xT2vh6PgUMMOAFwKNE7Z3o6VGVW7Y3IuffdoEfi4hxRdK5EQfUFPl91TTJPCXqXSw0wCPiDZt2a1V1xMuHdnuDsCb8xJfUxYvaJXSTrf7WDGONcctpe1nNBftaxZ1ew8TkgE8MSrCsyBzNo_emJ9vqj-ZOuZ4XHgZDHD2KBSyYSsGqOtBLAHoDELt3t_Drs1twNRySGyqyozt2Llqffk2uPCddj1PLjb4tAGxIGieoZQyTBpAtNAn6fioTwkSYXxc7E9p42Nn5p3TXVRR1emsKvr0xHoGr6HzHaleLQBysq4QiYBTSMww0Aov0TfRG3rIhsFny2CwsurgLEBii1hCFBNtljkiiys&sai=AMfl-YQUx2GM7COJUAjbqksIqNR0GXNkO_T33lWKE448BHFPvpddepPwDhsSMDQq6GwEhyJeO-Ps60NvW0IirD61FI__FT_LGklMfj7e2dkCaH9bVw0u36sAM0JuirZl3rQieFq3ZibojRMumo5ug-CnEBkuwbKyKKrD6O9l8mFodFHYisFOLzm5tvkY5CAN3eE5mi6Li9GDEI0H80T083S65wSLY5R180sC3lw8iQRjQPZwq4Vk5srw0nyT7ruSwe2HqbpUijTEImeaX8uyON9NlEkaC7o52RMOf3h-e0mJZ4dbZ6OZqtY7TReuTDOZNFtbys9Ne5ypx6glLvHoCLl2qHqQkTN1vPO_F8ws2_cp6Rm7JSTatSQMCXs5-sfgjjTHMaT2-KTp4E9mCFCigeGgEJ6YkdHWe3Mr6mxGCyjsARrMrfBH5JZrPK4ZUUN1QCmlcCMs8Fu7AorZ1lPauDXRfD5ogkH9Pd7KXlMKk14GTrAg_4wdyWBGHKhel9gM2W49EVCoOOY&sig=Cg0ArKJSzMWaZ30yLpl6EAE&uach_m=[UACH]&pr=missingexchangepricemacro&crd=aHR0cHM6Ly90cmF2ZWxjbGljay5jb20&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=221&vt=11&dtpt=220&dett=2&cstd=0&cisv=r20231109.50887&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
rum
dsum-sec.casalemedia.com/ Frame D95D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
43 B
737 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMihxfQDEJCx_YAEGOmzs_wBMAE&v=APEucNWHjeA6PhERB0GIFRkAnwz9nwK_nozjMzeT48cuOzQ4AFNEUAYgKLhlrGUdtoatK-nNB3CylJZU9j37_SsAwNlEPOCm7U-lhvRq4jJRazje9pQoZlaRV7qLGBNLYQzBYMLoilQhgKA-qTwHgjf2IaNZfw7NUSExquDeZygwfPDsyvGVkO4
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fb9cHqsSHCE1U42OmlPdvkx%2FYKsvmyzasMQpPWyym2QPWTxQ4wAENo9vJpVOMBRMtVAXHFygvIM%2BTZssZWzClPdLBoXRfH1Oj4%2BXC7roZXBN6WvX9kE62MJStB13GbM0M8%2FY%2FKq55ouOxA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82733924787cbb55-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame D95D
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVaZ1wuGuA8t6El6il2hVgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
43 B
730 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMihxfQDEJCx_YAEGOmzs_wBMAE&v=APEucNWHjeA6PhERB0GIFRkAnwz9nwK_nozjMzeT48cuOzQ4AFNEUAYgKLhlrGUdtoatK-nNB3CylJZU9j37_SsAwNlEPOCm7U-lhvRq4jJRazje9pQoZlaRV7qLGBNLYQzBYMLoilQhgKA-qTwHgjf2IaNZfw7NUSExquDeZygwfPDsyvGVkO4
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7RFd6BYjHHwmC1DYa%2BB97PbehsKVeDLUh3EaSo6ARcY%2Fuj88DanYX20MzsdnSVBgeflHjQL6uQ1%2BQN02122OGswDihDPpaAkQRae5vcA5ebASBWgtkYfvSoKhp0XVlzMJP7zzqssDVIpYA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82733924b8a8bb55-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJGn-tahdsZVvHUEZZa6_oQ&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame D95D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHu3JYS_kFG8CMxr91OAB64&google_cver=1
43 B
844 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHu3JYS_kFG8CMxr91OAB64&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMihxfQDEJCx_YAEGOmzs_wBMAE&v=APEucNWHjeA6PhERB0GIFRkAnwz9nwK_nozjMzeT48cuOzQ4AFNEUAYgKLhlrGUdtoatK-nNB3CylJZU9j37_SsAwNlEPOCm7U-lhvRq4jJRazje9pQoZlaRV7qLGBNLYQzBYMLoilQhgKA-qTwHgjf2IaNZfw7NUSExquDeZygwfPDsyvGVkO4
Protocol
H2
Server
37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
an-x-request-uuid
123938cf-6173-4ab0-b3ed-2b81e05a9c2c
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
178.162.209.140; 178.162.209.140; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHu3JYS_kFG8CMxr91OAB64&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame D95D
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQxNDcxMTE0NTE4NzUxODIxOQ%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQxNDcxMTE0NTE4NzUxODIxOQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMihxfQDEJCx_YAEGOmzs_wBMAE&v=APEucNWHjeA6PhERB0GIFRkAnwz9nwK_nozjMzeT48cuOzQ4AFNEUAYgKLhlrGUdtoatK-nNB3CylJZU9j37_SsAwNlEPOCm7U-lhvRq4jJRazje9pQoZlaRV7qLGBNLYQzBYMLoilQhgKA-qTwHgjf2IaNZfw7NUSExquDeZygwfPDsyvGVkO4
Protocol
H3
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
an-x-request-uuid
cf633e41-f707-421f-89f9-3fa96e9defb5
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQxNDcxMTE0NTE4NzUxODIxOQ%3D%3D
x-proxy-origin
178.162.209.140; 178.162.209.140; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
truncated
/ Frame 6D48 		219 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
30dba6cd33988bd024a1df2348e5054e0bc89723d4997b8124594c06a3056f92

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
view
ad.doubleclick.net/pcs/ Frame 770E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjsvgXLl_SPGgQT-42-lvMXwPggTgRewgn_KdvUU5IfjBhBqUxDr_lawt7B9C6CFuOPct2NNMf93o1Vv8-DRZl1Iy9L65JWM_uzziFFkqNdnPX-poFs3hCuitBCjoNpJc-YqO9Doxo2_RZCjYDH1ja3jDDTQo9OPQtkv_vxz_XtOXk7tVOkRoWhnybQVzrsg02c4LVpt6wCaccr3jfLLifn5hZl27sGxHuuwWLAE7tcoBMVXoGAw6Go0yYEtlKl4qhqU44IIlbcW2t6X8lEdOYmcXubENvIDCz9EXD-jPbznUx5SgdNgmCFLQMsCaou45PO-jGyABDLLeuvs-gStUdPjqDKYR_UIJlpgizIdK8ogjJTW5_0BYBumLPMvJABHz1o5ZlptHHZXWw3JdWY0RRIkqnXQ454HRkWf2UHBhuouJg08wloiZTWI1lyKRZuxNQ2gtFpBLTwuhlgrClQRamVHnU0HEf_stOG4cACRt9S7NAN4hu4H4f3PR-ss2jiT50XxEHTF4OA1YT7lXRKLYgwLZtsrRwS630B_Dn2Qy40zVrpRSrtDWUEwft2zAtCIi71Sp4j4lSgHry3EvEEV1knzpdbav96mvOBypq8QB_u2e5cN5CGzxCNFXAUuny4WvPSWXh5zgEcrJKJwNIawczDtIssmpdYQfIT6lKjOQCk2Oebk1iYSGTaBboWDXyQl6toy1Iv-7JeRlKcIrfBK_8dr6TO-7rZilyi-tPNRa5ZyN7e5TDeG0nKHfE-QS36cMpPO-eKtSC3lwJhn5MSEKA2UYp_0sF5cNfdkamha9aTlzVJxxc-PZ45X0ffPhaO2ycv_9OWAFTwv1H4_e0-1P5PuTxKkG8bixyppnJ8Py9re6hjVlF328gQJ96Dsw5vlie92HK8aXgs_HavK-VjP1IeG5psM9edi3OBz_q5BGJ8tp-XV5Izsdpz7nagMdQxx2sspYeWx86sZo44rxYm3gnndshdcDImIFd0SB3VqUSrqgwDCxQ07zra1KbzsETPvTe5iquXLUrlPcHgdZLYgil17se4lnFAzrop1ZFjxJdSsYAdpEYt7TvJmRVd4i0sM91Drsgdw0hu1-t__oOQMtpU1rwAVfv6tCAlO_9BVrXs8Nk66B1y3CdLzC4sxk46X1FaSiTL7wJgWeF14mJafUmM9gg-8P1b5Jxa2jkJlPTDhLuCv-S9oC6SlAUIR0ser1RY0t2UZLh6r4KHFKd1SiQcypcdbnArbuMbesjJKwA8CfiVKMvS9p4sJwZ3Zjsa88bFBe8JOC0XoAegQbWv-opZxSsZrjY-2R18dpmGs8viwsRJVVjVzmoZS0J7xgIswbt1Bdk9sIrMaGKm2hIN8xkVnfWuEyx2iPyvb2sKkoa_azYXqiAyE9xr00hOJrT9JQK1JhbuYcU-e-aIzFpJ2Av0Zf9gorTIcN4d3BLPtyWrAh23SdLNgNghproQnip396flS5DtWYKu8dcQXLT-Gm63rs5RXdgzei25SmrkkAHgNwFbNTgg&sai=AMfl-YTkaVk_rZ-cncR7yAdBN8ApqL-eXLuAWQhtQtpvkb7obIgEQQUC_5FfJqb5GCSr199xoJvi_UEOwWAV8iTOm4vpQ6QO6v_GkKjnEg-YZhe1mFMBUDuTvtTz1BlpBMb_3rNRkOw3FRDyVEFsm9sJzKlWzPzx0uybGFGHgUJm3Ofvpm4ZQRLSEVYMhiLiXhLpLTHiWTBbIWhkGrq3NXqbfCk5_Qsj0stKwS-w-rGNNmIjItRAzFKLuzOyc6tkuEgQD-9EGqtKxRKGT1mpfyPXDgyBfQNV7r47lGv8HEKUaHheenICsm_4aPDE9crAtUMXvctZ4urerqhr5hKzuHc5sYmMbhgp68p8b5uFuTU9Om7i-ioYUPycFz1WcAh2s0xSLxAgikMvFX1sENJK6bb7zc45JzAB6TLDLX8eba9j4J83d4P6jEAZlN2wbAb2jTyLXyj8Laucu7TC6hF-4fCSKYx7I54VEdcIYRnUgBAg1QzAehqXwWY3UUqOKZ64H3XL5vaJ4xt_5zbT9A&sig=Cg0ArKJSzPnM-urr8-TQEAE&uach_m=[UACH]&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ib290LmRl&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=102&vt=11&dtpt=101&dett=2&cstd=0&cisv=r20231109.03943&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame ABD8 		398 B
225 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjgyrvGATAB&v=APEucNVvTibibGGYRXd3lgTVMyWrpy45Svm7A3Q2Dyt1VtIL5P564hRHmxnEUI4Lk3ihc_dgdChO_1JE_Gjqc6RX_xnsfFLH8ZD5QmFK2PjARPi9FC-bNtQ1aHkq9zcNes7HTjw78gi-Y1h5bLqT33JFZzacrDt190g6FkaBGx-0qSZ_8p6Nd7w
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
202
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Thu, 16 Nov 2023 22:38:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame D543 		89 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cf940bd2489897434455528323cf66c4e3aecd5eea963f1d99d96acd452d6dd4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31498
x-xss-protection
0
server
cafe
etag
4296746511219988724
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame D543 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame D543 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 21:33:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
3909
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 21:33:06 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame D543 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D543 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B18PI8XFOId1YJy3avQwQC5PXrK64MgYeNvHdB_apty0B8CObGI6-P4Asf_IxQbpfXQ2-_AR5IrFO72m7_5-p36FivQQKWB2HuOLP__fSwamey0U0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D543 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16422682046585133535&x=1&ct=77
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B338 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3202563391326&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B338 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3202563391326&version=m202309260101&ct=76&x=1&cor=7448453724097452000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame B338 		108 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A4Y1aaoJUWu_bLfOJefvMiqLATdEbcv3c-0mgzyiMV-wJzzbX5xeMDyMHVfSex5hzAWplO2TThh1Cl3BEfNfGjs_XIgqrNv-jXtGSpShSoxCiRW7xvfmkc2rUVgoq3l1Ec8RxvFjS54V5q-W3ig6QznIMGzQj6H3nEHotRrtlYf7NcePE&dbm_d=AKAmf-D6twxsrTuLrGI_NyBdCc_OTmYqnWEnLSg_gw-6vmLJQq8WxwECDBaCs6CaXOo__wYK5n7SQUpcc9Nhgr8xEpb9Nyy9DdZS2u4MAgzSe_gmhiSPTCPF1Rx_x7_cig0lnygZ16API1hflqEkg9O0aXplCH2vH4M8RCJ6lUbyBSqWGOwNs85r4xk5rphf1CDCTg_ukQVSAiWYIKeKVKIfNKgKmtNOTMmBI8z-Ebh7PPyueINE8miLmel4S0Bb6fpck_-9cV8RIHFN3Y4cJR1eVFpUA6ZZLX8ka5Qw9ThXFR_EgZaaZ9YD2Kjs01mZxc0856swYIqS3w347mA3na8QX9Pgjm-7VBQzTdJZz1vQkxPo08cFX9LBJX_Pgf3g7Go2NnznFXI3zgCoeDiEB3L8Nn8qHdEVVmCK6DMEQtMVtVf8whASQRhzUBcJTRMf-weYLwc2sZucasWh82Afb0AIqiA8UT8cjg6JbwzI93MRvDgcUi9HlaB4_-TX2DsDpDXTEvBzfxfTr0-o3pIUF5SMwPqFXpzj1qLgUZG0feeXXfSoXJSVCTI6c2b-OTw-GPSnOi2CuEVUEGkh02nQgf8z_k8U4o4GY1uZO3H2agNuPDg3X5Eb4HOswgOnppt5OS7F9NswDZMPkkPzGjW1tSU3Mu7R3FTAq0JGyoVq556ybolOKRptG1ZP-wjVqNB7DCOnWxTZzDGAsh4T65OfVx9YyGK4ANdxKuaT0dr38TYqtpYOgO_F3J_Wm5qqiflfkPxSvMQt2kTUod5iTgYvq-Y_OyvYTjiT2ZpOJQT2hCjUFEROm5zrw7wvUEihMoqBk6bmxvODjg4ILnkKLEfPULcyTHnTEP3ZksS_a0GyfS4SCS_Asi09w0qlebrcO-IDtXThaENo0aeCFY4DewvccjandPn51Eug8kLQho8_BVzXipTmxpa7Elgxhvspf0XeKy3hGzSzP9DCjvfAe-b9-lBMxAcMBrWNo1h221iLMSLCpx7YpKmRhttyYIvreIqPX8ELR0KjN6qwVudjLNMDfd8wmkCsL_FgVuS57t6NG0rbt4zNShH6Fu4zdbMAUOYCXHhXVbeSvzHtLslo3_d-XZaLZ3k65oW6KtkM0wntKPdanLLXJ32WvQFMMjSVzSCHURU9oFTOZ88SO16VpFtNtASSw5c125vMzCw0dj39XodQkGnEvrSIkWHAzdbRTdDjHVnN9qxC1QemH2NI_bPgD7LaAKC0N7V4MEVZIwoXmwfl9h1vM4mapv8W-MjL-7kVwzNmKIG_A4GmOd6tfYYDYH3Ar9T3z9eycvLXqdWo-TW3bKkWYK0puqwRC96juMZfnxzQRlQ1rbunkrs3iZbnjkvvzBYggwlPg8HfKj1CFKS1htH9hKwSNJ9vAooDfryveCQxPhz6VCoNwDo4-GqWV09QEvo-2TCrupkWeqft0e9tOkbM2es0cdBBa4Eu_hewZXgWWLzIkCzvqTIYJWp4cnkk0X2L9feveyedv9CXsobJafoLjqru5-BFMN8xhDa7NOuoYJkRTw5LczCzsCF985o6ZlBUF4XCjU6WcHdnnp4TQWCQIuxZDwmnmEt82jAG4x_wV2x2682sAr6Ib7V9AVylpQX3Ivx_9rqSLob59t4Tl6A9dNYnLQoZVjNMfXN0nFhQPc-Jc7WOL5FIiZeINbjWA8gbnaGhGyZi-jRxa12rlZNGbb5GaNzMn9D2AMlQMIEWZ32Bqw7xn8ON8RFJtYDfQaaxqGKBiAyu5qr-PKMvNnEWJEyTk-kIvvRyTGj0bheMh_LRP1Ivvk3WQ6bFb-dz5yceMMb6uRPXEtWyyCfjFe0rED8ZtWCpWAT4BQjdLb_7ur6YBz4nD0qVUo17XXtT5svgjch2Jy8DiF7jT3MqEtMgPz9-ZOPu4Gm713q2tYijlpwW5YOFS8UOs0ej4RXw4t6iUhx0E35W04tlABDxcsOOXVB9ejucnoE347orb7BkacGGgN6muFBZtLgxm1Lx05rw_HPqFZ3Xd4z4gT4LVdgWmOcX0EBjWvOzU8jNBCrfM-GJpCBHRfAbwsv0FWFm1ah1MuUGr2x46EyCzoZ3ydDwae-4rVqe5EsVbMnmheuyxM1oxhF7s2C8DRmSGBIa0TMy5FYqWNZJyfz4cOfwMU31pLJS0R7zvYvops6-TIBNVsWd6BnzM4GhlrfzJhj5YDdEZjSiqN9BCPSbm-NCyBfPJFib1VsuDVjj-jDo9K-b5K2OKCg07BNj9Y1Y9W_e5-1_7-I51ZSvFUgR1-OtfkjtWQh6Nt3370_3WOrL3z8KVJ3cVWqC-t8O5NqZ1cw94NZGTWScLaJotGEgqqmUrnJxEodatHgRo4nTsQc5Hf1ESb-o1rTny2qkTFGNHKcP6l7iu_rRNG9YLyU97bvldBeufPgAF8nasC1Zf4B_ZdNP11jElNK_FIlzMxb8z_2zC6Jtpv89SPDWwI63jgOmpZpPFdgt0FyITnnLK0bfrT7_Kg3v5SFxdxPkboA06bGiLRs0IZCguJyiE4uhlp0wQPOFFENRqMW1jZmMVPVXhd2DGb2BNhQYXZ1IMshD80fz65dgm9FrfnhjBBJf1vl8FGNfYpfEspBWpVr22Hfoai_AoXgIH0uNa1-yPaVEDHcm1Ler0aOyzUXcXvLFNj3NUoZmtyxDU_jbtst1jl6pYsESVRLfonNXCfNoMwu0BshrkTrXlV0pCVriW0d3u-yODKUPrNhKyPM-gP4MgIMRj0qy0FEIbxtSlIGHHQ6bKr98ZALH5aEf2fsnqeIilDXRWnx3TWoMI0UE6ju94TxkWx8tH-AsPS_sM-8U8vFGIhCzNgQrU7EVKdgeiSRbI9pFxzoYajN3kdgBdgkJZT8He0VXK8mIiCxfptM-mwU0KIF74oaxrLxGk-vZCIoZgm9Yp4R1h1S0SKnoQuLzVsOrc4YBAFKtwhQM6jgKiJXpjLM3XPzMJ9EmC3BFq7lqs50GA3-KXqr0eZ14Nf-PUAVtLZZ7sqod_Duo1XfwdwZbs8OcIghP8Jp4Fbs_U1ZpUsw3Tr-mrxOmHVFIXsckIK7wotfXSsG2kJ69Y2vFw7aiGVig_re5yRmW3KIboWT96hnlNqHZyupBhgD2DZY-XDRTFJJTf1I_eBPMeRWdNDfX-pVJR3yxLE1QBreQqCxWMx_-AM5PqHv80Zr4py6u-dRnrQjc0xhfK4dur3l-z5V9xHx9gOimPqYyAJUYPT1aIroJGhxtORYEhyOisZnSVv4gWWaG_BFEghQoVAouvM2HMV42shfMHuLPBH2GlERkaLq81-b5JZkOrkanWd9gOjWo-gmWLeSukOQOcge3Ypu3TtORiV5GiJ-AOctacJP2PT0eeNfd9-784aXZpXQKM7PTWEOEct6OjHCtuq_lzuk0qiCxbHGJDOuUBfGzxGPHZJ3YE1nMkTNOp2GeI-UNdXXDt-9hw6ybQYuIUaZs3RHczspKBc_-LbfcjxRWsJdDLd5uRvm2m_5ySlTocUJRULNDWzzPe0CkEfD0yuK0-KN3UFM_T3vjf-N4kAGif2S-kh8PJNl_1Dnn37eU1TyB7M5F2Evl9mkIpYsz9zQGnklTMAKsV65iu6daUBYHYMq_j3fF5v5IP2PWD0e_1nlV8EsG-RWj557Q9RwBrm-LcjHJarhyjLco9BxJzMYhJ2zMddNcY7rumv_cGbZA0sBzjQ2dPX1gb0g0K2CZ4hkb_DAMb6144jXiKgqWmtb5jBoKaNk5ALznfpF59m0OSsXK4vwKnyP_ikj1mWF6DZEQ3AK5VceaMJmH_YjrSECw1rWtPWOHG1dfUBZEzTM5mTer6p9lXFtlHXyTOdJoXP8SWUMh2zoLTD5P72nXW-PmozGuWCFNHSMYy7VxCmZ_gVols5OGR_U0V1A3wzfLgmeffICEtWgK6En_CVmlOGNt-X3FNT_9H3B54veW8Hw&cid=CAQSTgDICaaNLmv8jYNs-3CdZYiJXMHn0knQRUaznvd5O0ywYW-FnbkSlPEggFWP-cLPK4liAI-VwCZq3ppnrqLmPlBtDeHQEVFtA68d7LUBHBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=7448453724097452000&adk=3690638929&idt=38&cac=0&dtd=39
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ea34fd96fd354f9d8218bb5243380a109a25d99efa8ef0caf8ca1a8db2f0e711
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42094
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2CE1 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7036186129273&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2CE1 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7036186129273&version=m202309260101&ct=76&x=1&cor=3189723862143340000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 2CE1 		107 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DV8tgfnHaq6SupqljIpausjr6dz91RBE4trYJz_28fWZclalFULLyxq1I-PXw7pHqrCDThcUln_V1TsNB4WbdELKN_3oyYgOPNKOx-QqmbR7DDTDqrZMKIJWD9YzTXEPD_LKDYK3oCyOrximU63TsDMokIKYfgrURrGlEgmaBV6jNStVs&dbm_d=AKAmf-Bd9HZF_x495O4Z552GOf3ojw2PeFzqEo6d2ysV66vkLi7EM_rmO-6QNWuYmN8EWSrOj6kJsIxfjXiKY4utM1GdNuajtFwPFM---uVMrmes5fXrIMkeqxNnawCdGJuJbGwSKSb6_nuwR2AUOoNPdivtQsjDBZGiz7BBr6IhY-ru6xIbNLhFq4QMMNNvGQI7Kcte1-UERr3L8ehK_1JAxw_SpqTJYKaPkpEv-wobfLUxZh22c09gpJ5bf4NqsmZr2lk4xnYNMNZBsSLLsS7Ce5WqblHsZ7BQU7mKuEEio0mb0cQX2cQnfjnittZ3QSIcABR0N1si4-jsPrhcS5nUA_kFRZMvL384Yuio2rfiGFVktmxo084zDggKBSZvcFO_hMviYENxg-1M6Z5_jzC8kxkxr8Nun0uvILkS4YlO7yTLx71fzr3ViadyF57T4G2g7KysdknIvZ5mEnOicbPqfaeDYoKBTjv5N6FYrSgAWYGsmfsgRRU45b9QsCEM9c94xllfoBEWobcnDdavjuPwPuPdH-w0KVH3ghVLxBTtUdmx0qitqubrkuu_w6hE4KGn7KdJ3q5c_qjHZsa6Zy7z3sdBNbLMSASLfbiuYP_wSlZlape1HaeJzQwtG4f_OKxvNXRenTHgnzsIR2RIG1Ji262IJ6Ep4wkFYPkHa4i_mFB-w89CGyc_R7ni3TiiiEIvU7_jiGJIy_15h5oovb_MIpl78n1gOKxNvWkVHSujz3taCh8brYQS3vXuLNqR5Wu5lqT_0nBtyeppQ1SuFL84rMhH1XqwHDe9QKlaFJDyzB7YOn1A-uEjYzZoaXYTxVG7eKmlxhUH2JexXDpYFmz6WjsbBr82qY9hH7F1Tgh9d6WQpdxaVp-EOoeG71QHQEjeSvsh1v06vPgzVV4rEsWG4TEVuen9nSs-AvFUVf6RZbpCPXvO54p_HvXG5dBEJ81Nj-Jky4oGAR1OoQeUpC1UWRsSmnXLeDpD7r6Bb0iKzZ8UGvwKB6HEgU5VlRfaUKW4cas-d7Xq46TMXOSMkH031bXavacd2H7NS3fo6YSCezr52ws6PlS1ZTuL-rttBThdwv0aITUpEX2_9lWlEqYK-FuZyQR5zLxkP5ZmJBpAYOjAL5lUaWyhs5h0s6rnKvKRWqhHsFEQiQQnhUO6nXj9leAdP9CsNo6_tVLA_GxJZvCJ6MJWdn2eLiHphZIVeknuVCzDVQl2Ntpa0RTyTeqS_W_nHSKqoOACNe-2KRV1eS5_d7RDW-k_LbVj4urnFpZObnUfhiSNjzaxWm8ExSuxSVyJaGd3TGJ69Vw34GY1q9qJfFXAjN7yNOjc5LQfFNYIJ-Zil2ju-dp5xmfTkLzhk7yM1BEL4_QTvnQTOuKq3AE9T5ZBPgujaCoeBbEJ63mt5tKhsuoe17KmEMxrj-aSUsxp-3Qqi6lKeVnnUMnkHaB2q_NxwE_YbowvT24SBwnqNw-beanor7ySBjWhFUKMc6larMoXydTKm-z6CjTOCv-CQn5ZI36AALhzK4gwTjwVSOTwKLVRtPFqhP_IjDLbSMSKn4AHIOVBwZTc20Uw_grvsTpQKT-wlNKw6n48Nf8PWUlnaTbq78JXa-AkzK4PcHS4HEql1RtfqRCWF3ZGobMajndcecX6HyxQ8FKVKuV_6BgGLxzJy-a7vpATVK3nTw5CoXNhyE1Uxvv_Y9RSjAYkE1_L-7Wt7M05Vp56u2ayi0NWi2saOGQ7P0rWGYIgv5pkMKWlgqP0VOqWcSDT7E7mdr_1oxDYNxeLezZUKowVBfX0isRh1FKpwnreY7Hj4uyBsHA2bLABVnnTPDK924qNsbypLSz_JnXWRiXH7K1EZX2YHcn2jvDlZppD80Nw6RIJAkRVoY_XPF3MUCvE30KwaBQudGzY0qzSFdL4BqkCbg9iDUJmyVKgg_3OCmRUtQg4zg1Hp7sC0YZOL7LhNugoB2WubBYbpT0W3vo2Cd8Ev7P0f8h-tdBfCltLSya7MJh_zvPHLLTWywkVj9o9LWjwo_PtyMvcdI8BsqlJ-aaaTbHCEw3kSRTtI_S-NVB6ne52t7hApGfLGKELTczDja6VPiNJlmgjLfA8sa3CwbymsgFbMGAQPJpsd0bqpTOPSp5ynQ--fO2qe2Akw30VI-B-vYgAsDAss_zCNVWtFxkidc6jtob2I_VU7RnvuhPvNh6hXoP2Fug8UdPM6VGRR8ifBphymL2JcsoDhCs5gY_pn83mx92H-tbwzCXFbm1CQ4cgrbegA9kc7JfD_ZoBNWLhN5J03OQnRLSg4HmBEYoRHGUVlUH9IHIhSnUKNc9xSDDpRnorQaLd7NH0F295KlIPZZqr2qbknkU3o7v-pgARMLpEDZnIVtoDkZ-OQdZofwrvLD3Wl0mrnSiZCT3lZSw12pCbNI4V35E7YS7OoGQRLuzEorffGUdFeGgwJIMR6rOBJrENo5jjGGf7ZkupJUMtB83_ZKaa3RCsTd2tUi5DZiPsTERFUaq4ylUbjXu4LmS_beeN2f2q5Ba31tWV2GdpLycOrzIKhcYgQiNAF32cP3duPd_axa3OiSI52VOkvxBrrkFLGpM46SSCPnu_-QKU20iY7w9GhDvVz4yOHGTTB2vuZF68lM3Lhy-nmKLhPsAMMJ8PZHyA61MEW3Q0u8vHXyHzMRtMv1SGBB4LnOnpgOtflhNSzcrZ9To00iQpNKEGJq6Nd8PQN32s0XdUkxfjaemqfzRxB6UfXkIScXZ71XzGaA-oNdbcLutGTM8MCTChcAsGN5uIZ6i5o9B-021ZnKh7cvlFFH6nTrGVfRIp-Fs3s9Uax_LZLX82CqbQEcSLc21_Pg7kxuIRvpnzCUFmexodohEIxGx1Z7CbD6pLtom5_PzeyoD3GMS7G3WlxazIBDa4R3X0vR80BAehwUOCujRwYJfNHWe462ovuYR9poiODflznMtClkHr1uDXiWxkFD7WD7W57qKqAAoW5J5VuiZABItpqSC5FPlQHNcgcEd5iSZOu2qtSQuxsmiBCBbTC1KwRbMP4xXURJxAg0T3CE16iNfCOSbM5VhJsEDmEPFx1g7_4U4vSqzgC2wVp_-qfRKixEjiGIJiKYglx-UyTUTh5mZJhkVw7AnYLE6qQeuD_2EZOzlnnOmzGKeHDIcnF2frLZeMp5VdPOtQ03pwbsPAOMJ1jp-7OBxntIlPnzL6ftlbaL5hGCnysJmdI9UWkTeaCdooH9e3XyVeg-DxiSeNUPktyIsX4MYxHtyhvHF7oF5g7Eip5lfdBNWjVkpYn1SxFmudfu91sbfNzCuBsdA4zbL7RjHJFsRpzYIigh4dumB3bK7BT8vPpaOdP_cDmnwqXYIo0pBWj9RUTCzrRlOVpNzzjBf02w6S5ButcFMOLFGRhlY-wKs93xTfA2cqC38rNDbO984um_2KswqmM43SIdwWHR_uRHLE8Z5cT9CzXlJ_s7tZFirHInOPj-rMFATdj_fHDtlp6FdocrNq-VOGoAEVGuhHsU56QflVq_2V1Zsd6wkmOexZIWRQ14hcLBJfOIj0J_cURUpCiuscn4K7RVi_AqtijMRV08p5OufySgp8RYh8WAGB6agyAOhOz0nhAAgTJvz-dZ4yZTdoQ4V0IF6Z15x08XIWNK0LTrqZvOhfA7gX02IfdPQ_PuodpXDSCoxrq4Pekpvyd2mdlb0tyCchHcyoZaKRTsgN9ww_IzmItwsMFdvPNDA-4dTTStaKKQXIYoAzeOQl7QjwqfwPMQweNUzpBWqfkkNuA082_Uq6zkfuP2wWGmTGmWanGdtgIY22cYSraBg7HHFt4J-vG-zq-4uYFhsYusphkM4SOJnrCj2fp95JIYxq9qXe0KhSrGxxNPgpb3ZKk4runIiV83jP5JpHT7PCFCSYVSsBml8iCv7xpPJlVYvXLv6bnjQB8P8iGOpVHJtmEjguGd9Dl0M&cid=CAQSTgDICaaN8uzdFy6IoQ-j0Ow32tKl3EIcMZ3prX7YmpGl2RTCxp5FEp5xIwUocDeY_7qXrN6NLDBWvFTGkwpa9cW9BVC31gJbL7Nos8N0KxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=3189723862143340000&adk=1033480531&idt=55&cac=0&dtd=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d27525ced2953694930f0edf972564818531c00fe5b2bf8a6118bcdb5a25a975
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42089
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
14763004658117789537
tpc.googlesyndication.com/simgad/10860154989361292917/ Frame F37B 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/10860154989361292917/14763004658117789537?w=600&h=314&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
60565371ffa5001aa2a7abc01dc52bdf23754b9299a15968eebeb317dd9412e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 10:59:07 GMT
x-content-type-options
nosniff
age
560348
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38059
x-xss-protection
0
last-modified
Mon, 12 Jun 2023 08:51:33 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 09 Nov 2024 10:59:07 GMT
truncated
/ Frame F37B 		206 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame F37B 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
sd
us-u.openx.net/w/1.0/ Frame 4782
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFh6D8jMkQ5QqOfL4a51yHw&google_cver=1
43 B
105 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFh6D8jMkQ5QqOfL4a51yHw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYgvTNxQEwAQ&v=APEucNVlGBA69ceMOERb7TTMnuq9P-vkoJqoR4llemlbO7Z009DYnKJoVY6OhItN-3PkEveYrDCPFOKfvDKIHSmNLLTlJqBR0p5c1-nrnFsueGgAaIU6FQcGWRYJLKUfsL9Iso4xY_i3HTodkNFPeA9a7trc4fCGCu-Bxlo0p9gy7heBikC0VDA
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFh6D8jMkQ5QqOfL4a51yHw&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame 4782 		43 B
131 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYgvTNxQEwAQ&v=APEucNVlGBA69ceMOERb7TTMnuq9P-vkoJqoR4llemlbO7Z009DYnKJoVY6OhItN-3PkEveYrDCPFOKfvDKIHSmNLLTlJqBR0p5c1-nrnFsueGgAaIU6FQcGWRYJLKUfsL9Iso4xY_i3HTodkNFPeA9a7trc4fCGCu-Bxlo0p9gy7heBikC0VDA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
um
sync.teads.tv/ Frame 4782
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
  • https://sync.teads.tv/um?eid=3&uid=CAESEBn-SPgYDCZ9fVpm5D-teAo&google_cver=1
23 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESEBn-SPgYDCZ9fVpm5D-teAo&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYgvTNxQEwAQ&v=APEucNVlGBA69ceMOERb7TTMnuq9P-vkoJqoR4llemlbO7Z009DYnKJoVY6OhItN-3PkEveYrDCPFOKfvDKIHSmNLLTlJqBR0p5c1-nrnFsueGgAaIU6FQcGWRYJLKUfsL9Iso4xY_i3HTodkNFPeA9a7trc4fCGCu-Bxlo0p9gy7heBikC0VDA
Protocol
H2
Server
2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-16-97-41.deploy.static.akamaitechnologies.com
Software
pekko-http/1.0.0 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

expires
Thu, 16 Nov 2023 22:38:15 GMT
pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
cache-control
max-age=0, no-cache, no-store
server
pekko-http/1.0.0
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://sync.teads.tv/um?eid=3&uid=CAESEBn-SPgYDCZ9fVpm5D-teAo&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.teads.tv/ Frame 4782 		23 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYgvTNxQEwAQ&v=APEucNVlGBA69ceMOERb7TTMnuq9P-vkoJqoR4llemlbO7Z009DYnKJoVY6OhItN-3PkEveYrDCPFOKfvDKIHSmNLLTlJqBR0p5c1-nrnFsueGgAaIU6FQcGWRYJLKUfsL9Iso4xY_i3HTodkNFPeA9a7trc4fCGCu-Bxlo0p9gy7heBikC0VDA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-16-97-41.deploy.static.akamaitechnologies.com
Software
pekko-http/1.0.0 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

expires
Thu, 16 Nov 2023 22:38:15 GMT
pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
cache-control
max-age=0, no-cache, no-store
server
pekko-http/1.0.0
content-length
23
content-type
image/gif
partner
sync.search.spotxchange.com/ Frame FD32
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEHFiNkHd4i6JIbZSLONTB3g&google_cver=1
0
0
partner
sync.search.spotxchange.com/ Frame FD32 		0
0
sync
ups.analytics.yahoo.com/ups/58269/ Frame FD32 		0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYgvTNxQEwAQ&v=APEucNXohrKThteY5TLfDxLFhBDuhvz2N_0XMNuInab1xywgXpCcIfOos1hl7y0JBcfcqHwP-N6S6xYctRirMJWuix9SfLvd3JiLAFNMBb1LAJuEGQ8iSr7D840z8z6fr8SSV7qgSBMx6dc3WSAopPpPnOWynNO0IBLywhwxvUOIRtxFQWx_zy4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
gen_204
pagead2.googlesyndication.com/pagead/ Frame C168 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CHrFn6c4FYd-WtjQxwKl4_6I26TIfGC5WhPwgBJ2XUxIxFYMQk0vADeVGtVT7bFhFFHflQj4Z8L3gkOqJGEtT_B4EzLC6fajQe4iku-WMHI0DMwqg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C168 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=508010325822991673&x=1&ct=76
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame C168 		89 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:15 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C168 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C168 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 21:33:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
3909
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 21:33:06 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame C168 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:16 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 8AEC 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
28410
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 14:44:45 GMT
expires
Fri, 15 Nov 2024 14:44:45 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D397 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202310231203/wrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
expires
Fri, 15 Nov 2024 22:38:15 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
rtb-csync.smartadserver.com/redir/ Frame ABD8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm
  • https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEF7lROP8ULGp8ejQlNg6Gls&google_cver=1
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEF7lROP8ULGp8ejQlNg6Gls&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjgyrvGATAB&v=APEucNVvTibibGGYRXd3lgTVMyWrpy45Svm7A3Q2Dyt1VtIL5P564hRHmxnEUI4Lk3ihc_dgdChO_1JE_Gjqc6RX_xnsfFLH8ZD5QmFK2PjARPi9FC-bNtQ1aHkq9zcNes7HTjw78gi-Y1h5bLqT33JFZzacrDt190g6FkaBGx-0qSZ_8p6Nd7w
Protocol
HTTP/1.1
Server
185.86.139.57 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:15 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEF7lROP8ULGp8ejQlNg6Gls&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
316
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
rtb-csync.smartadserver.com/redir/ Frame ABD8 		43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=GOOGLE_HOSTED_PI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_hm%3DSMART_USER_ID_B64
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjgyrvGATAB&v=APEucNVvTibibGGYRXd3lgTVMyWrpy45Svm7A3Q2Dyt1VtIL5P564hRHmxnEUI4Lk3ihc_dgdChO_1JE_Gjqc6RX_xnsfFLH8ZD5QmFK2PjARPi9FC-bNtQ1aHkq9zcNes7HTjw78gi-Y1h5bLqT33JFZzacrDt190g6FkaBGx-0qSZ_8p6Nd7w
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.57 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:16 GMT
transfer-encoding
chunked
content-type
image/gif
truncated
/ Frame FF85 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
94997e329fab026a9f713cd475f5695008f8558220b1a813102bb736feef1bcd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
pixel
googleads.g.doubleclick.net/xbbe/ Frame 0B2C 		0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYgvTNxQEwAQ&v=APEucNXg9gB5hQY6DFdjW4qzo_CXVtwBdMc0wd_DQJLlfe_MISP_K_fOeLo_WJidTumiwG6l1_Bm7JqqLynrA09zU88FsLVYYvft-UG3UDe7oDCieKg-PKdI-sliJN8-_jHJ348fs-mzJBj80Pgl-k4OiYpZWOGsV1m_mHLYpKcZ6KLYH9b9zl8
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame D543 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8674003195043&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D543 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8674003195043&version=m202309260101&ct=77&x=1&cor=16422682046585133000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame D543 		20 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ABRfWSeXw4beOiiN_JCkNykRV_pyNPL7TPoCcByUSGKWDh9MHL2MiY3c0ymnrUoYEb0EEnorJgdXaJfKYgwd_ba1FkPMeRdbB8U9w_pb4VZ7tzKxpKICiubhs_uVdS7LdweI1_fIDb3E5_uZjfUTpTCkNC31iwVudqJCMje8G7nJLEEQw&cry=1&dbm_d=AKAmf-BjL3nCEV3dvh9WZZi0JNveI3LzCRuN9v8IRtkOMfX-U9EsgIVRLlEv5plbhG9zkXsLchf1RRBoz_uydyWKBIfrKI7LZpzIYijmB_t2s6b7qP8WWzOd0Cg8vBF8Q2obd2QPr4U6EeapKYre4k8gluifikqOjPp-WwdZZPBgBH9ECVvfupjiVApJ5gBNjrQXrGz4yVmYM56zoYrTJfWdTAz3B_rbpmV0E753bnPKBWH64MV1y7H66pZfvt9ZSbjkhDF0YDXxU_lRPnSqQGcbgSz5Xl7vk2ZiB6As_G_sBstiCvfqhxAlsKnLBFh1ByZruuPVulgsWKfrwirsh4nO2Od3cjUybRB1jV8JRLs6qpnxSbQxMJyelHzi0ovSq5crrD5-J8fEnUq862xaEXxZO3m7uWC7oScMNBiaaw25EY1IPjTaD2_I7TXxhO4h7oKg4cY-D9z5fMEqvrm6g5DSJ0rnFuji85m-bsn7v2SmE-ob8_dYf77hWFKOupuT8-LzO1Ma1DaxstM8PNqB2U4MMM3ebvrUA1EyjCTqxMkkIBfS9aJcmN7KRqIJlyQR4alOyaJ7B6ke3elJJayr79nVkUVrFl0hkcktkpWPMDdboFzX21a7S2VWJsqAVMp1vT16blqAokh3I3eG0pWqZ2t7sws5RUlDtD7K1TM082pIUkmdQmf3rlrwqAihc9wibXkIslGAbh1Hcoh1vebqb8eVkibbWbY_DxS573LJMKDvfMrhd1m0-h11ty9OpA6F2hWf6va0PLR-v0u1zCYMZcwFwsrxCODphx15t6xd4UBF5Xz6mHBXDems1-XgwjgQjzFwT-M9fOqxegXD66_ZHuuNqHXya2lxGY40PcinFYQz1gOWaA50klWo38po16ZjqZjn8mM6hBcMV-q9ar8MJgG9MWFr8MsPZfM0DFn_NGESA2NRVknptwQtRAHkXdgVcDNAU2YNjf3QLo1xnxzno_eMH81sKdmbbZQmrGYROVrZdX_8kJEufIuoXaKcTb-Yh0BuseaHzaFAQ3OpCmv0KT2LJKj941dBKDETUsiCCctTlu6_qJ_vFLns1JpeVgVxbfvUViMoxMYC4zczP012hagkLm_GRPNCgACDf_Om_nKxIbXLGxHHI1NSKs6pfgKySC9OaSZSLRJMXo2gJ4rZCldB6aC8opQiZreB34oANFFPULJbW6ighlQ85XD9c38zwjtqgMUCkwP0EvTQCCnW8LEbmxqbglmT23cBogK7-vodfpG7lLdgVFBCYxGy6RI7taKMSVAEVIsFmFZ-xaIr6TzZWjvgDTw_NZwCYwjzq--nJz-46fnHCXfFD27EzSjnfAmo6GBguny947TEyWQdXwG6SNv0oD-VBHuLPPy3E5mlcTyOSMgyQh5yXFixzfAz0ulq9xal_GlFWBvTFa2qPFjnZJcmXjrQSibHGVRIavQyUSSYoViHiWKdRLR8TN3u6zbeKDy64iN3SZ54LAkq2E3GhDmkY8MfB2xtY4fM0Djh-AwEQqLJro1tCJMBNCV7SXWFGgtnxPJrumc5v9J5y7J7hrYUutD_zJ4UaO-SM8g5qMh_8dwiWciq9utYMTuKHTZD_cBn-N53-5vrxZm076e4121jLF2VsrU0FRX1AFMabCkgeE73ud_oZFmtGrPMReDHaVWOKZPGIAfNEI8dpmSEfV-n50q_HcpgwCXpbplgiTbu0XQKlOE7b8SCTPbH8PMNrVWAKJLgHzxs-68agFceJT7poQolwjHpSfNuFWZRMwO4K_ZN5tcPpQ9kcqbhZSrqWK0Fr7S4mAbq1f74JxK_qbDtG-FlTXsNIxUc-hrmK2W2B1y4sMtEYt-AFuKF_AacKR85p6zI8i8PYfAiyIgGmnkwXrtOHajbD1FZ93iWLwjJLBtvFlEsnyNyiJ2YDhhH168gX27v3esc1lu6giNWrDGBzMGXQU23RvpEaRTIheL24KdDL84ZnvWpwr4xfEg03XE4qlqM6G9rw8xGSF3ZPs-5FC0gNfq_nA1BmOICXLAmGl_ZZ_FnZLmAQbZFUhAQemLJqq0cwTH6fMwO0fy6wgOYvX5vRhGstGEe23nRSeJPMi5r0BcRfNtTv5URmJqxclsINR1B-jomD_h-hyeWOKjjlBmA9g0S89d4D8_G9Q_i01_rD1Aylj53TWMC5Cg6TJDtTSuivCKoFBn90Xn87905KjnEIMCRs7wUrNXK4oIwI6slOf2ocNeu5UFOZUdqzwvt2LUPPdM9HxSK6WkEeXLXwpcKwOtbSbGoPxxN_Vzr_1cbejI7MZBK-R6YtfgN3aXhuDp99Roap2Cw04xWPdikEYI-Djk83_Nrl7rGOIayAf3AFDPLnB-af73Rkva_i_CRSS3uxslnb9WILd21cRTR6tb1NhKKu-xNCMcJPP_yBkkNMj4u3aUE1bZvHDF5jf66KCCTIPsyACAgtXG8Zm50l235gJgtc5My_QqC9zBTWgUviI67Q2xFUvs5mxSVnz2Ke5L8nP89IsV78Z9NUYpBEweU0DMy2Fs1Zsdl3AVULV_9hZrhIAkBggaQxM6Jlp-oxtQBUhQ_iP3ZeLAhP8ggZPMQk3CfPzfofAR9afIEutd3uvm1g9mRcnHzUI3omnQe64i-WARrcyV00hepliKxEToWtoZRLqfFiuh1deXN9C4bRpoA7bvRQjMe-H10EvCSwEsKasZY2TBtYkNkRvP9HnuY2QQQ2ta5u0DhfJHeGB5AifLTzIylRDd_biGS_Z5ujdOcggX0BSZL8PWZLt_X6upad6h0enl_hBqUArdJQTa2XzyzOYqtzgw6gV5nz5g_cZK_pqhFq1CkwrPwXo14uIS3xY_f7bb1QBz8X3JoTSTPXNrEjNJ_d1OY_DflPEJixlQIFDPy7mJBx49uhsGD6IGjX9K4ND9SoJEGQUDSGbhdzUC4L51JCAsyMPag-rUtjmukoiqWDvpgff-xfpn83XF6ntjtPqo5AQXPBXA34zWq_v3F9uznnooMsHRWTComYtEWkoqvWMHQe2chpgIjRJEHg3kGWn0DbchqPJXpJMAzAhqSMdMmvGccPf8ySYQVLrEVi_vc0MbHWzI4o4TR3NzaJj5LjIpUZ7sWN34zJIQz7Gef3laYnaMX1JEkUv5hSTkp1w8eWpZdAtWicQ0Lx8pTm3Te-fftX5TJK96yGccCGliOsk67D5Dl7p5F2dtnTSEwf0VI2FvMKP7wdjCLpaocn67QdgD52Qb0Jf-074pap24_bnb5XCyP2EA4vEo2hNQ0F9Ed54W-NYukjGEoYozmPKr2YQKsT-jAExHQa_WmKDZG-BFCU17a5Cwrje2t585JTeRJ_rvJUexU9dkUTABZxv1tchaUrFBmuBS3sZ0-lm64nQLroA2KAU_QyNC_qJ9fCcVisNqVZLsWZTMPYNC6xQMlP4mN6K03uTgmYjE-qLRg8Xtatu-1CjvExjfRVPqhel0aa2Al3wuXZ3eIGFcCJj9e_qK6O20rdUqCt01TlLBM62mkGfMEYdks52eiF-pljOlbgfJZZ8UuykLSvI3sfrpnCf5Kc6zAFb1U6ft9QdwbvhwzNb8scfa-WD9gbF44hsaYMAc0AQS8w8wUQ4vpG7MByToVMJunCy3OI5G1r6pleD3TCfBinpOudHcZRYgJQoGjSi6f5N2zuYvAM1d50zTBP0xmu63YkjGTKtgF_4dgGP0m1gSXyIkyTB1en9XhvtEuanETrsHKxhxdoHBKk0tqr4dyw2Qf6RJqu-IZDh565RtmIvouA8yyc1ka3qOgdYq8IihT6VjdBf1axVGJw8jiKy6K2L8gt0kBNTCbkCc4zi9jb4lME8tCQzPG_7-GUHADPeKCTMfRsYHaLB74tk7bmhnmz4m7PJeKQZ1JqYl9z89A6OKjvz_4Qgajj3bKbu3Zjz9OS4moPia-daqR8g&cid=CAQSTwDICaaN2L9FsvdcBiEFjVnfExtDVPdZbzFlTL6bchHkv6J9tiXv7aAwm0r6I9dEkBEh9hiE9iwSP8T9peWC4CNIMLEX9zrGuqsEt5ndZWAYAQ&dc_eid=31079495&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=16422682046585133000&adk=1935140218&idt=49&cac=0&dtd=11
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
33d7e7765a50718507efc39c9d145dc29ef473beb2a282a9fef310af69ddbfe9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13879
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame 6D48
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CiuU21plWZd7VN87G6gTUopvoC-jysph05Oj558EQm4f0_QgQASDhj_UBYJXSoYKwB6ABhtfXvQPIAQKpAp-bbFKUM7I-qAMByAPJBKoEggJP0C77Ufi79bhUaThvXlC-aZrnRGxmIQPbQDh...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211228507711250533076%22,%22debug_reporting%22:true,%22destination%22:%22https://lilienthal.berlin%22,%22event_report_windo...
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211228507711250533076%22,%22debug_reporting%22:true,%22destination%22:%22https://lilienthal.berlin%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22934669190%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212273280932718791345%22}&andc=true
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"11228507711250533076","debug_reporting":true,"destination":"https://lilienthal.berlin","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["934669190"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"12273280932718791345"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 16 Nov 2023 22:38:16 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"11228507711250533076","debug_reporting":true,"destination":"https://lilienthal.berlin","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["934669190"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"12273280932718791345"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame CFAA 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
26634
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4118
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 15:14:22 GMT
etag
16674218716276178799
expires
Thu, 30 Nov 2023 15:14:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame C168 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8197393345798&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C168 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8197393345798&version=m202309260101&ct=76&x=1&cor=508010325822991700
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame C168 		107 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CD7rHhVUfm-2xbtZa2jnrR54xgoxtKcyinvCFlWMsG7MF0n01B4fqraXqN9OdbhjaEpP7j0RGdXM8EwOOhS2f3BEAEns_mY6mFTpsX8kIFZMQFFH7gu7MULtHFepXfUz5xZt-EqavTLBTmSg2V2iZEBhHpAQLETq3XjdkO7we15tROx64&dbm_d=AKAmf-DE6ejOiEcnqGRZOb9jM6nO339FAk9A5thC9zeTkEUkImt32X5dhcNfAcqihF4b3yD2UjSU12d_p_6TUTmVUQl3RKwpXFENY7H_B9yh-pjymoyd98skn_5Tw14wTbe8WfCx5QoxLoPUOAYpQphT9jsbfPW9Twt165VqHSDnm8A82boWlctSxXK5dSwemsAKhvPRPt1-rW_aBJovU3R-MCiPEVj-n6VQTlq55KCXLwjSIhzpy3BKLUC5lc9T1rqp3pE-LfmHMb1rWyMKAC9sU6W-iiLMj1Ws0insR1q_hTevemDnXUhBntvFUYmposSK20-7Bv5lHN3yj5or8NwklOKLnDwKduk6IjTXaY_K6FBc7mw28zNX--7t2yKxvYhTPkR2vBKKXw-9Ws8-7B31WwZfWUY_ddkGiSknsv2_2jz786Hbs8YXoVYLeQMcNnSC_lBxpNzXLcmRfM4AIma1MZusr6QGrE-59yhHErgm-4IT9uPYf5V7_4xv_Ay1oCW1xzPWooNkpcniH4DinAGNHOApghz3SDEhR-1mqBg2WdqZBai9FS1irRRXL2V0Y3X8q4Rn29g5cTMR0d8w_aKrJz-P3OyxKC1vspE5qfC3xMSDkpVgpUJaSHaoBEpPY_9aGspEY8Qc8hficixAfNT6JXGQ4zLzXlB1JoTS3Hf8qgZkEIKoRULm-ubcNs4RXGN8QM5_Pdu5AD67tEUmVTryxQ_KgeMkhJhnPrYEQrC8XPApFXLihRI-MfcKmvQg-7ypyuY-ZK2Ca2VSU0BHVREjDAyAEmWXenYAd6Bf2D6Ga7z71q62xA3NhUZ6jTTbhS0kQcOwDTP05-Teg1qT04FLr35KMB3u0TjrCaAy4ulxDvXmS_MKfbjHYTnYoH1ZB0d6cG_6lcl8jiE72uxoKJSYAl5NtmxDdSC9oBhtFUBewRPooRWGctrzY6plX3gTmaqGf44y97rM-Hg0-xY3t3zj08l0a0X6S6BnQPIByfKzveG6rXrWA5AW0Dn8D1bY4xkPcm_y_fafPSnG-cO_UNIrsT3apgfz_FKnG4fAAn9wG2NSjjv_sWivd5JLhYqYeiWCpCFWGClZ3gQpDOAUV9oNK1InOPrdONJTh8k9Y-JcCocPrvPy-5lfTvIR8aQNo4fUZXo9GoH_gx9LaH8O73fQKkv3UFBi8l5xnq2Sb9F8rK07oj6bFtskANa5ZIsCfeopW45l1cxrHWNVBpC-wNQbU5YojceUoyZbcaNLILEEPTwqLg26YBhldJxTGXVqQXLfcvBB_cLgk8dH7VU-0cZnY6T9rLT2W2K5ttN_gm1R3u8t4JFYP_gF0q3cdHIh_z96BCgqcvfMq1v7a6ACOb6LKH5vwWr3MlTXq1PpM1dkz4eKdj2K2vMHorzWSz4PShnRDnnn0bGwZGkv77EkM-zQcCP5HDmcHs3xPXMDqGU4HO1W10yL1hUt8MzwnSZ0x1aCD3X1QT-IYSEjKo3HvQJZXv89znb1Cl3xoTE7gmESbievfNrAupKf6UckyB61uSqsYWHB5Cxthj3sVotqF7PBJ4e5vFRAVOwzXfwvITDxOtYMbAx1TT9dcp04aWG8_oKy1HkcYcfphL7QaNdbCHhPA8sikEDiKRaIGI8Cs6u0r5_kKpJqxMUfuFTz5sHEs3hmk1TDbml9Dbbwvr6vemxI9czIe9qmaqTRHEDyAgi403tAAnB-okZwgil_utEzsnRLuSi4eRFwN9Um-nBHkGBAn8iyYIuH08280mXECbsRXX9heTXX4hJrCoBtomJQgpkNjDiZEVtl6PIJXpLK5Xt4NCPUEpj5UIiswxFW9gi56M0V7bKNsTI8JMP-x6NL2-9ncMqBhPBM8wWzzZocH1YC7V9jnCafmRX-W95132wXMz2a54gufXeHoXPPKeU_PKuQpfsdEz9qme-PPf1KEZfk7hgnbaA6Z6gfZy9kOFDjUcWHm8-iV8Hg_Ep6fmSi_bVWEcHt_fcdO0vSufiGzPQ2LWRoX21P9m2K8PjB-uKGzQ1Q-jQeuZEDP3bXBB5QlqSOUJohJTCj4klnzqNmWKu70kycKk2I3w_HR-j5GHdwvvPArtImA2YzERZ7kneCNEg7Nykt6DX_Bq4Lu8Gw18CMGJxIZoXEnD6y_8JmW5Pd8H_WW4rl6gg93cWAmISgoNuT8eX4QsTpsezYa--AAkVnCHQM2Cy44WKBVFi_gFihI5oSqu2bZl6h6p04WL2OltSPO2XpMAluARbbVHkbQrrjnLubTo1ylw7tleb6RPytVpGAtJ_SRtCN9sYgq11i3R_hfvBpfoJ0UHE5SwT_qkt2rs88ttuhHfonaqmkqfd7gjnnb8Yf1sT-745-mCtRE-WXrFrhrsEiJyk4UqOvK_Bvq285FNFD3I57Kgg-b6oCxcxVsMMwE0e4TwqL6H9YoVbNicau0p_g8iHpEcnkDS-2C8ABaZL-4EhXjRWbSW0dWRFVvYb-_s-jQU-houPS3gtBy81puDh5eB7xCi6cKp-Uc90xZBtLKeNvRQB2q8RSlOqr1b_0y0-gvP4niEHBEQCuMRNIj62Z3fw86Le1kwDgLui5OIFyGVUGBxdWScoDCTgCLEfjCV6vbRxcv8FCs9M_R2zIzBmMeTtFsgx88DExd_9ChteXv04Es-_fAqUH82SjiQUfF1qsdTZEbRTWfCzopozZPQH7f-cQidIub2G8JcXB3_wKewuQFcDDqLiUyRi-s_foecwn73OLL5QCsKdLZANp7rBx4wL8Q1waq5buxY8pe4mMl-CNnTVKmba4AQfLfJkUtqaa560tWvt86H_Nb-XL6kGsAJktfuyyJw5sV0k_9ttENS4NL1KfzCyM3crP3MOJ-rVJfckb2nnKkKyDpCt0b6gIFtghNYR_LI7WXRYaXxPkoP2R7l1Eecr14mxFvh0rLrSSRrEofxVAXCEQ7ro2BJ66O8bxburXC42dwZqUdnJ430pDsOlQkUZFwL2rWerIJxVGCFRff6OivQUg2LA6x-I0yQs8gdXj3fktjARKV11vOs7VD_WaR5fsTjcxEXGjPVKBH4Bt8GrvAr8WwWfFkQKG7UXnpLBp81PiIKWCjvvemLbGlSackndRBtuZwitBHP-S36rAGLQZ-dW5VIPRQ904oeDLX15KxAY5RtgIuYGHQI1l5rZUWmfKdmttf3f_ZE1m8ajNnp9wCF996wbMwdG0bxkV37DPMWQJP1zBEpeaobPWgZs2cnvHJFdG6gt9TyZGhaYYUawK7lFBtzhHsY4pftlP6HQPbYWStmhtjJxrBwWIujE5qYAQAMht1OwD0cQS06RLt2JVY-GvC6S761PpYzCkfzmXC6cFo55hFtVxa27ZZKYQ3bFStR8v8CmLTZTcKCLNv4-ODYPJ6U47BvytDcWr0qkklkwkENIsUIN4MJXNbswx-qpPIRM6yJy1DFLvU665cVnbG1GQtufFa-hTDaz-SNvL_ZTZXskNkCxL1sf-OlGtLcNgYGcmdmMMsmZpuDwS6TIeDlrp800CSq2srdO31qfyzXlCjvW6Gj_eKodEtjBbH-OJfZ02-TqDbN5zRETxjbnk9mtjednAdkp-rF9gnxoC-wQ_pMjIhsuahxJ5NhUZHAsBLT8AWf0fisnswNy2sf-JsVvEODRw9mxQL_DgEfqyrqX_HAxhMl8ks2qwvtW6UcKRRW6CllMgx3ITbPWivAJYnUr1ph1gY86y4GTUksnVC9SdqnQNHUN19nqUGdFet-GdI7VDDXu--a_RLNeTc9FVYp62okLEDhVa749Y0nyXV26uqo3sdP-s3Yq3Bfk0PTHvpSK5sXSg9Z0opjEhUI_cWtLlEu1U8PVCGqwhyrwmT7WFBeCyxGgHad3TiclTjgjQ3mVhzAFMwHdY5liyrn0jEOYmA08onRo1Ru50_U9faVtqQNIcnl2opQ&cid=CAQSTwDICaaNsG6TiADcSpCOZhAFlIQgiBoPV5nNfROqZECE1TZjjJHu6NY1PNDXvQg7oX0v2Uvh_XDw2pBeqSgNvO3zL83CPUMshT3RhK_LjwQYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=508010325822991700&adk=3944675600&idt=56&cac=0&dtd=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8e2db3fad893c3c40244025d6bde1274f32540c68c94488facc3f40c7bae5659
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41947
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 3CEC 		0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNWXQG5R6cIMe4WrSUR7EYYGbt-fX18lqmGMPI73tJi13KGkPjVYCyWeYMzFqKrz34G8JvONuxcMY_2SQAe3syn9d_0LbyrOTNUmjXnS0u-qGiDer4rK5bByOmevB8HmvncCp8V0YrxjG0epLwxA6n2yv7GwvfZNf2EtpYBWA_baYWxWv5U
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:16 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame D397 		89 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:16 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D397 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B04V-KDaiBJ-FPLis8-UZEDOY4EEIsWq1Oj8kVZV_1IUCcduAr5Qv6ty25wXDjK6obizEpMD8vjnrDpx3k-sFyDVJWyXvmuUWvtPWWgNma7D07pCE
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D397 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11498287611133712709&x=1&ct=77
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame D397 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28413
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame D397 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 21:33:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
3910
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 21:33:06 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame D397 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:16 GMT
pixel
protected-by.clarium.io/ Frame D397 		68 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://protected-by.clarium.io/pixel?tag=wt_RnNlZXpfLW5EeVdRWElKc2Jub0trS1RIWEM0LzI4OTYyMTcyNDA6MzAweDI1MA==&v=5&s=v31hfd4ht0p&id=eyJkZnAiOnsiYWQiOjQ5NzM3Mzc2LCJjIjpudWxsLCJsIjowLCJvIjoyODk2MjE3MjQwLCJBIjoiLzI1MDcyNDYsMTAwNTg2Mi91c2Noby5jb21fV2ViXzMwMHgyNTBfMiIsInkiOjAsImNvIjowLCJzIjoiZGl2LWluc3RpY2F0b3ItYWQtMiJ9fQ%3D%3D&cb=6880695&h=wwwproxy.uscho.com&d=eyJ3aCI6IlJuTmxaWHBmTFc1RWVWZFJXRWxLYzJKdWIwdHJTMVJJV0VNMEx6STRPVFl5TVRjeU5EQTZNekF3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyODk2MjE3MjQwLCJ3IjoiMzAwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.15.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-15-230.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type
image/png
pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
cache-control
no-store, no-cache, must-revalidate, max-age=0
server
nginx/1.18.0 (Ubuntu)
expires
Sat, 26 Jul 1997 05:00:00 GMT
truncated
/ Frame 770E 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3bb3ae36789a86307f11a87006a35f4e9f069c57924141ae4e48c773ad097536

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 579A 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
28411
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 14:44:45 GMT
expires
Fri, 15 Nov 2024 14:44:45 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame 6D48 		64 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:29:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
521
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24357
x-xss-protection
0
server
cafe
etag
17020722232796629264
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 23:29:35 GMT
IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js
pagead2.googlesyndication.com/bg/ Frame 5BF5 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=3554926738&adf=2050041687&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294526&bpp=1&bdt=1191&idt=334&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=342
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2202d272a7623a0f20d055bae57feefb858a3352833ea36fcc438a895857d307
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 21:40:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
176263
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15051
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 13 Nov 2024 21:40:33 GMT
skeleton.js
fw.adsafeprotected.com/rjss/st/990511/61634099/ Frame B338 		255 KB
77 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/st/990511/61634099/skeleton.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-4191647241486880&ias_chanId=1&ias_placementId=20343400544&bidurl=https://wwwproxy.uscho.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hQY9tk2w-mgjMdohIuaw3B
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.155.77.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-155-77-146.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
d1930e88e4a3ba8445fe8e4afd7d665be2069980871c0f3b85d1dc646684448c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame B338 		111 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 06:30:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58085
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Nov 2023 06:30:11 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame B338 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A4Y1aaoJUWu_bLfOJefvMiqLATdEbcv3c-0mgzyiMV-wJzzbX5xeMDyMHVfSex5hzAWplO2TThh1Cl3BEfNfGjs_XIgqrNv-jXtGSpShSoxCiRW7xvfmkc2rUVgoq3l1Ec8RxvFjS54V5q-W3ig6QznIMGzQj6H3nEHotRrtlYf7NcePE&dbm_d=AKAmf-D6twxsrTuLrGI_NyBdCc_OTmYqnWEnLSg_gw-6vmLJQq8WxwECDBaCs6CaXOo__wYK5n7SQUpcc9Nhgr8xEpb9Nyy9DdZS2u4MAgzSe_gmhiSPTCPF1Rx_x7_cig0lnygZ16API1hflqEkg9O0aXplCH2vH4M8RCJ6lUbyBSqWGOwNs85r4xk5rphf1CDCTg_ukQVSAiWYIKeKVKIfNKgKmtNOTMmBI8z-Ebh7PPyueINE8miLmel4S0Bb6fpck_-9cV8RIHFN3Y4cJR1eVFpUA6ZZLX8ka5Qw9ThXFR_EgZaaZ9YD2Kjs01mZxc0856swYIqS3w347mA3na8QX9Pgjm-7VBQzTdJZz1vQkxPo08cFX9LBJX_Pgf3g7Go2NnznFXI3zgCoeDiEB3L8Nn8qHdEVVmCK6DMEQtMVtVf8whASQRhzUBcJTRMf-weYLwc2sZucasWh82Afb0AIqiA8UT8cjg6JbwzI93MRvDgcUi9HlaB4_-TX2DsDpDXTEvBzfxfTr0-o3pIUF5SMwPqFXpzj1qLgUZG0feeXXfSoXJSVCTI6c2b-OTw-GPSnOi2CuEVUEGkh02nQgf8z_k8U4o4GY1uZO3H2agNuPDg3X5Eb4HOswgOnppt5OS7F9NswDZMPkkPzGjW1tSU3Mu7R3FTAq0JGyoVq556ybolOKRptG1ZP-wjVqNB7DCOnWxTZzDGAsh4T65OfVx9YyGK4ANdxKuaT0dr38TYqtpYOgO_F3J_Wm5qqiflfkPxSvMQt2kTUod5iTgYvq-Y_OyvYTjiT2ZpOJQT2hCjUFEROm5zrw7wvUEihMoqBk6bmxvODjg4ILnkKLEfPULcyTHnTEP3ZksS_a0GyfS4SCS_Asi09w0qlebrcO-IDtXThaENo0aeCFY4DewvccjandPn51Eug8kLQho8_BVzXipTmxpa7Elgxhvspf0XeKy3hGzSzP9DCjvfAe-b9-lBMxAcMBrWNo1h221iLMSLCpx7YpKmRhttyYIvreIqPX8ELR0KjN6qwVudjLNMDfd8wmkCsL_FgVuS57t6NG0rbt4zNShH6Fu4zdbMAUOYCXHhXVbeSvzHtLslo3_d-XZaLZ3k65oW6KtkM0wntKPdanLLXJ32WvQFMMjSVzSCHURU9oFTOZ88SO16VpFtNtASSw5c125vMzCw0dj39XodQkGnEvrSIkWHAzdbRTdDjHVnN9qxC1QemH2NI_bPgD7LaAKC0N7V4MEVZIwoXmwfl9h1vM4mapv8W-MjL-7kVwzNmKIG_A4GmOd6tfYYDYH3Ar9T3z9eycvLXqdWo-TW3bKkWYK0puqwRC96juMZfnxzQRlQ1rbunkrs3iZbnjkvvzBYggwlPg8HfKj1CFKS1htH9hKwSNJ9vAooDfryveCQxPhz6VCoNwDo4-GqWV09QEvo-2TCrupkWeqft0e9tOkbM2es0cdBBa4Eu_hewZXgWWLzIkCzvqTIYJWp4cnkk0X2L9feveyedv9CXsobJafoLjqru5-BFMN8xhDa7NOuoYJkRTw5LczCzsCF985o6ZlBUF4XCjU6WcHdnnp4TQWCQIuxZDwmnmEt82jAG4x_wV2x2682sAr6Ib7V9AVylpQX3Ivx_9rqSLob59t4Tl6A9dNYnLQoZVjNMfXN0nFhQPc-Jc7WOL5FIiZeINbjWA8gbnaGhGyZi-jRxa12rlZNGbb5GaNzMn9D2AMlQMIEWZ32Bqw7xn8ON8RFJtYDfQaaxqGKBiAyu5qr-PKMvNnEWJEyTk-kIvvRyTGj0bheMh_LRP1Ivvk3WQ6bFb-dz5yceMMb6uRPXEtWyyCfjFe0rED8ZtWCpWAT4BQjdLb_7ur6YBz4nD0qVUo17XXtT5svgjch2Jy8DiF7jT3MqEtMgPz9-ZOPu4Gm713q2tYijlpwW5YOFS8UOs0ej4RXw4t6iUhx0E35W04tlABDxcsOOXVB9ejucnoE347orb7BkacGGgN6muFBZtLgxm1Lx05rw_HPqFZ3Xd4z4gT4LVdgWmOcX0EBjWvOzU8jNBCrfM-GJpCBHRfAbwsv0FWFm1ah1MuUGr2x46EyCzoZ3ydDwae-4rVqe5EsVbMnmheuyxM1oxhF7s2C8DRmSGBIa0TMy5FYqWNZJyfz4cOfwMU31pLJS0R7zvYvops6-TIBNVsWd6BnzM4GhlrfzJhj5YDdEZjSiqN9BCPSbm-NCyBfPJFib1VsuDVjj-jDo9K-b5K2OKCg07BNj9Y1Y9W_e5-1_7-I51ZSvFUgR1-OtfkjtWQh6Nt3370_3WOrL3z8KVJ3cVWqC-t8O5NqZ1cw94NZGTWScLaJotGEgqqmUrnJxEodatHgRo4nTsQc5Hf1ESb-o1rTny2qkTFGNHKcP6l7iu_rRNG9YLyU97bvldBeufPgAF8nasC1Zf4B_ZdNP11jElNK_FIlzMxb8z_2zC6Jtpv89SPDWwI63jgOmpZpPFdgt0FyITnnLK0bfrT7_Kg3v5SFxdxPkboA06bGiLRs0IZCguJyiE4uhlp0wQPOFFENRqMW1jZmMVPVXhd2DGb2BNhQYXZ1IMshD80fz65dgm9FrfnhjBBJf1vl8FGNfYpfEspBWpVr22Hfoai_AoXgIH0uNa1-yPaVEDHcm1Ler0aOyzUXcXvLFNj3NUoZmtyxDU_jbtst1jl6pYsESVRLfonNXCfNoMwu0BshrkTrXlV0pCVriW0d3u-yODKUPrNhKyPM-gP4MgIMRj0qy0FEIbxtSlIGHHQ6bKr98ZALH5aEf2fsnqeIilDXRWnx3TWoMI0UE6ju94TxkWx8tH-AsPS_sM-8U8vFGIhCzNgQrU7EVKdgeiSRbI9pFxzoYajN3kdgBdgkJZT8He0VXK8mIiCxfptM-mwU0KIF74oaxrLxGk-vZCIoZgm9Yp4R1h1S0SKnoQuLzVsOrc4YBAFKtwhQM6jgKiJXpjLM3XPzMJ9EmC3BFq7lqs50GA3-KXqr0eZ14Nf-PUAVtLZZ7sqod_Duo1XfwdwZbs8OcIghP8Jp4Fbs_U1ZpUsw3Tr-mrxOmHVFIXsckIK7wotfXSsG2kJ69Y2vFw7aiGVig_re5yRmW3KIboWT96hnlNqHZyupBhgD2DZY-XDRTFJJTf1I_eBPMeRWdNDfX-pVJR3yxLE1QBreQqCxWMx_-AM5PqHv80Zr4py6u-dRnrQjc0xhfK4dur3l-z5V9xHx9gOimPqYyAJUYPT1aIroJGhxtORYEhyOisZnSVv4gWWaG_BFEghQoVAouvM2HMV42shfMHuLPBH2GlERkaLq81-b5JZkOrkanWd9gOjWo-gmWLeSukOQOcge3Ypu3TtORiV5GiJ-AOctacJP2PT0eeNfd9-784aXZpXQKM7PTWEOEct6OjHCtuq_lzuk0qiCxbHGJDOuUBfGzxGPHZJ3YE1nMkTNOp2GeI-UNdXXDt-9hw6ybQYuIUaZs3RHczspKBc_-LbfcjxRWsJdDLd5uRvm2m_5ySlTocUJRULNDWzzPe0CkEfD0yuK0-KN3UFM_T3vjf-N4kAGif2S-kh8PJNl_1Dnn37eU1TyB7M5F2Evl9mkIpYsz9zQGnklTMAKsV65iu6daUBYHYMq_j3fF5v5IP2PWD0e_1nlV8EsG-RWj557Q9RwBrm-LcjHJarhyjLco9BxJzMYhJ2zMddNcY7rumv_cGbZA0sBzjQ2dPX1gb0g0K2CZ4hkb_DAMb6144jXiKgqWmtb5jBoKaNk5ALznfpF59m0OSsXK4vwKnyP_ikj1mWF6DZEQ3AK5VceaMJmH_YjrSECw1rWtPWOHG1dfUBZEzTM5mTer6p9lXFtlHXyTOdJoXP8SWUMh2zoLTD5P72nXW-PmozGuWCFNHSMYy7VxCmZ_gVols5OGR_U0V1A3wzfLgmeffICEtWgK6En_CVmlOGNt-X3FNT_9H3B54veW8Hw&cid=CAQSTgDICaaNLmv8jYNs-3CdZYiJXMHn0knQRUaznvd5O0ywYW-FnbkSlPEggFWP-cLPK4liAI-VwCZq3ppnrqLmPlBtDeHQEVFtA68d7LUBHBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=7448453724097452000&adk=3690638929&idt=38&cac=0&dtd=39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 02:35:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
72195
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
17947678125179771625
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 02:35:01 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame B338 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A4Y1aaoJUWu_bLfOJefvMiqLATdEbcv3c-0mgzyiMV-wJzzbX5xeMDyMHVfSex5hzAWplO2TThh1Cl3BEfNfGjs_XIgqrNv-jXtGSpShSoxCiRW7xvfmkc2rUVgoq3l1Ec8RxvFjS54V5q-W3ig6QznIMGzQj6H3nEHotRrtlYf7NcePE&dbm_d=AKAmf-D6twxsrTuLrGI_NyBdCc_OTmYqnWEnLSg_gw-6vmLJQq8WxwECDBaCs6CaXOo__wYK5n7SQUpcc9Nhgr8xEpb9Nyy9DdZS2u4MAgzSe_gmhiSPTCPF1Rx_x7_cig0lnygZ16API1hflqEkg9O0aXplCH2vH4M8RCJ6lUbyBSqWGOwNs85r4xk5rphf1CDCTg_ukQVSAiWYIKeKVKIfNKgKmtNOTMmBI8z-Ebh7PPyueINE8miLmel4S0Bb6fpck_-9cV8RIHFN3Y4cJR1eVFpUA6ZZLX8ka5Qw9ThXFR_EgZaaZ9YD2Kjs01mZxc0856swYIqS3w347mA3na8QX9Pgjm-7VBQzTdJZz1vQkxPo08cFX9LBJX_Pgf3g7Go2NnznFXI3zgCoeDiEB3L8Nn8qHdEVVmCK6DMEQtMVtVf8whASQRhzUBcJTRMf-weYLwc2sZucasWh82Afb0AIqiA8UT8cjg6JbwzI93MRvDgcUi9HlaB4_-TX2DsDpDXTEvBzfxfTr0-o3pIUF5SMwPqFXpzj1qLgUZG0feeXXfSoXJSVCTI6c2b-OTw-GPSnOi2CuEVUEGkh02nQgf8z_k8U4o4GY1uZO3H2agNuPDg3X5Eb4HOswgOnppt5OS7F9NswDZMPkkPzGjW1tSU3Mu7R3FTAq0JGyoVq556ybolOKRptG1ZP-wjVqNB7DCOnWxTZzDGAsh4T65OfVx9YyGK4ANdxKuaT0dr38TYqtpYOgO_F3J_Wm5qqiflfkPxSvMQt2kTUod5iTgYvq-Y_OyvYTjiT2ZpOJQT2hCjUFEROm5zrw7wvUEihMoqBk6bmxvODjg4ILnkKLEfPULcyTHnTEP3ZksS_a0GyfS4SCS_Asi09w0qlebrcO-IDtXThaENo0aeCFY4DewvccjandPn51Eug8kLQho8_BVzXipTmxpa7Elgxhvspf0XeKy3hGzSzP9DCjvfAe-b9-lBMxAcMBrWNo1h221iLMSLCpx7YpKmRhttyYIvreIqPX8ELR0KjN6qwVudjLNMDfd8wmkCsL_FgVuS57t6NG0rbt4zNShH6Fu4zdbMAUOYCXHhXVbeSvzHtLslo3_d-XZaLZ3k65oW6KtkM0wntKPdanLLXJ32WvQFMMjSVzSCHURU9oFTOZ88SO16VpFtNtASSw5c125vMzCw0dj39XodQkGnEvrSIkWHAzdbRTdDjHVnN9qxC1QemH2NI_bPgD7LaAKC0N7V4MEVZIwoXmwfl9h1vM4mapv8W-MjL-7kVwzNmKIG_A4GmOd6tfYYDYH3Ar9T3z9eycvLXqdWo-TW3bKkWYK0puqwRC96juMZfnxzQRlQ1rbunkrs3iZbnjkvvzBYggwlPg8HfKj1CFKS1htH9hKwSNJ9vAooDfryveCQxPhz6VCoNwDo4-GqWV09QEvo-2TCrupkWeqft0e9tOkbM2es0cdBBa4Eu_hewZXgWWLzIkCzvqTIYJWp4cnkk0X2L9feveyedv9CXsobJafoLjqru5-BFMN8xhDa7NOuoYJkRTw5LczCzsCF985o6ZlBUF4XCjU6WcHdnnp4TQWCQIuxZDwmnmEt82jAG4x_wV2x2682sAr6Ib7V9AVylpQX3Ivx_9rqSLob59t4Tl6A9dNYnLQoZVjNMfXN0nFhQPc-Jc7WOL5FIiZeINbjWA8gbnaGhGyZi-jRxa12rlZNGbb5GaNzMn9D2AMlQMIEWZ32Bqw7xn8ON8RFJtYDfQaaxqGKBiAyu5qr-PKMvNnEWJEyTk-kIvvRyTGj0bheMh_LRP1Ivvk3WQ6bFb-dz5yceMMb6uRPXEtWyyCfjFe0rED8ZtWCpWAT4BQjdLb_7ur6YBz4nD0qVUo17XXtT5svgjch2Jy8DiF7jT3MqEtMgPz9-ZOPu4Gm713q2tYijlpwW5YOFS8UOs0ej4RXw4t6iUhx0E35W04tlABDxcsOOXVB9ejucnoE347orb7BkacGGgN6muFBZtLgxm1Lx05rw_HPqFZ3Xd4z4gT4LVdgWmOcX0EBjWvOzU8jNBCrfM-GJpCBHRfAbwsv0FWFm1ah1MuUGr2x46EyCzoZ3ydDwae-4rVqe5EsVbMnmheuyxM1oxhF7s2C8DRmSGBIa0TMy5FYqWNZJyfz4cOfwMU31pLJS0R7zvYvops6-TIBNVsWd6BnzM4GhlrfzJhj5YDdEZjSiqN9BCPSbm-NCyBfPJFib1VsuDVjj-jDo9K-b5K2OKCg07BNj9Y1Y9W_e5-1_7-I51ZSvFUgR1-OtfkjtWQh6Nt3370_3WOrL3z8KVJ3cVWqC-t8O5NqZ1cw94NZGTWScLaJotGEgqqmUrnJxEodatHgRo4nTsQc5Hf1ESb-o1rTny2qkTFGNHKcP6l7iu_rRNG9YLyU97bvldBeufPgAF8nasC1Zf4B_ZdNP11jElNK_FIlzMxb8z_2zC6Jtpv89SPDWwI63jgOmpZpPFdgt0FyITnnLK0bfrT7_Kg3v5SFxdxPkboA06bGiLRs0IZCguJyiE4uhlp0wQPOFFENRqMW1jZmMVPVXhd2DGb2BNhQYXZ1IMshD80fz65dgm9FrfnhjBBJf1vl8FGNfYpfEspBWpVr22Hfoai_AoXgIH0uNa1-yPaVEDHcm1Ler0aOyzUXcXvLFNj3NUoZmtyxDU_jbtst1jl6pYsESVRLfonNXCfNoMwu0BshrkTrXlV0pCVriW0d3u-yODKUPrNhKyPM-gP4MgIMRj0qy0FEIbxtSlIGHHQ6bKr98ZALH5aEf2fsnqeIilDXRWnx3TWoMI0UE6ju94TxkWx8tH-AsPS_sM-8U8vFGIhCzNgQrU7EVKdgeiSRbI9pFxzoYajN3kdgBdgkJZT8He0VXK8mIiCxfptM-mwU0KIF74oaxrLxGk-vZCIoZgm9Yp4R1h1S0SKnoQuLzVsOrc4YBAFKtwhQM6jgKiJXpjLM3XPzMJ9EmC3BFq7lqs50GA3-KXqr0eZ14Nf-PUAVtLZZ7sqod_Duo1XfwdwZbs8OcIghP8Jp4Fbs_U1ZpUsw3Tr-mrxOmHVFIXsckIK7wotfXSsG2kJ69Y2vFw7aiGVig_re5yRmW3KIboWT96hnlNqHZyupBhgD2DZY-XDRTFJJTf1I_eBPMeRWdNDfX-pVJR3yxLE1QBreQqCxWMx_-AM5PqHv80Zr4py6u-dRnrQjc0xhfK4dur3l-z5V9xHx9gOimPqYyAJUYPT1aIroJGhxtORYEhyOisZnSVv4gWWaG_BFEghQoVAouvM2HMV42shfMHuLPBH2GlERkaLq81-b5JZkOrkanWd9gOjWo-gmWLeSukOQOcge3Ypu3TtORiV5GiJ-AOctacJP2PT0eeNfd9-784aXZpXQKM7PTWEOEct6OjHCtuq_lzuk0qiCxbHGJDOuUBfGzxGPHZJ3YE1nMkTNOp2GeI-UNdXXDt-9hw6ybQYuIUaZs3RHczspKBc_-LbfcjxRWsJdDLd5uRvm2m_5ySlTocUJRULNDWzzPe0CkEfD0yuK0-KN3UFM_T3vjf-N4kAGif2S-kh8PJNl_1Dnn37eU1TyB7M5F2Evl9mkIpYsz9zQGnklTMAKsV65iu6daUBYHYMq_j3fF5v5IP2PWD0e_1nlV8EsG-RWj557Q9RwBrm-LcjHJarhyjLco9BxJzMYhJ2zMddNcY7rumv_cGbZA0sBzjQ2dPX1gb0g0K2CZ4hkb_DAMb6144jXiKgqWmtb5jBoKaNk5ALznfpF59m0OSsXK4vwKnyP_ikj1mWF6DZEQ3AK5VceaMJmH_YjrSECw1rWtPWOHG1dfUBZEzTM5mTer6p9lXFtlHXyTOdJoXP8SWUMh2zoLTD5P72nXW-PmozGuWCFNHSMYy7VxCmZ_gVols5OGR_U0V1A3wzfLgmeffICEtWgK6En_CVmlOGNt-X3FNT_9H3B54veW8Hw&cid=CAQSTgDICaaNLmv8jYNs-3CdZYiJXMHn0knQRUaznvd5O0ywYW-FnbkSlPEggFWP-cLPK4liAI-VwCZq3ppnrqLmPlBtDeHQEVFtA68d7LUBHBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=7448453724097452000&adk=3690638929&idt=38&cac=0&dtd=39
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 04:49:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
64107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11874
x-xss-protection
0
server
cafe
etag
3876053170955424897
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 04:49:49 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame B338 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Nov 2024 14:44:44 GMT
skeleton.js
fw.adsafeprotected.com/rjss/st/990511/61634099/ Frame 2CE1 		255 KB
77 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/st/990511/61634099/skeleton.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-4191647241486880&ias_chanId=1&ias_placementId=20343400544&bidurl=https://wwwproxy.uscho.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hpxB842lMVuCsp7PmpMedE
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.155.77.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-155-77-146.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e8faca56615dce5f74aee84dd71dcc41068eeceeb5cc34692a7c202c9218d2e0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame 2CE1 		111 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 06:30:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58085
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Nov 2023 06:30:11 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 2CE1 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DV8tgfnHaq6SupqljIpausjr6dz91RBE4trYJz_28fWZclalFULLyxq1I-PXw7pHqrCDThcUln_V1TsNB4WbdELKN_3oyYgOPNKOx-QqmbR7DDTDqrZMKIJWD9YzTXEPD_LKDYK3oCyOrximU63TsDMokIKYfgrURrGlEgmaBV6jNStVs&dbm_d=AKAmf-Bd9HZF_x495O4Z552GOf3ojw2PeFzqEo6d2ysV66vkLi7EM_rmO-6QNWuYmN8EWSrOj6kJsIxfjXiKY4utM1GdNuajtFwPFM---uVMrmes5fXrIMkeqxNnawCdGJuJbGwSKSb6_nuwR2AUOoNPdivtQsjDBZGiz7BBr6IhY-ru6xIbNLhFq4QMMNNvGQI7Kcte1-UERr3L8ehK_1JAxw_SpqTJYKaPkpEv-wobfLUxZh22c09gpJ5bf4NqsmZr2lk4xnYNMNZBsSLLsS7Ce5WqblHsZ7BQU7mKuEEio0mb0cQX2cQnfjnittZ3QSIcABR0N1si4-jsPrhcS5nUA_kFRZMvL384Yuio2rfiGFVktmxo084zDggKBSZvcFO_hMviYENxg-1M6Z5_jzC8kxkxr8Nun0uvILkS4YlO7yTLx71fzr3ViadyF57T4G2g7KysdknIvZ5mEnOicbPqfaeDYoKBTjv5N6FYrSgAWYGsmfsgRRU45b9QsCEM9c94xllfoBEWobcnDdavjuPwPuPdH-w0KVH3ghVLxBTtUdmx0qitqubrkuu_w6hE4KGn7KdJ3q5c_qjHZsa6Zy7z3sdBNbLMSASLfbiuYP_wSlZlape1HaeJzQwtG4f_OKxvNXRenTHgnzsIR2RIG1Ji262IJ6Ep4wkFYPkHa4i_mFB-w89CGyc_R7ni3TiiiEIvU7_jiGJIy_15h5oovb_MIpl78n1gOKxNvWkVHSujz3taCh8brYQS3vXuLNqR5Wu5lqT_0nBtyeppQ1SuFL84rMhH1XqwHDe9QKlaFJDyzB7YOn1A-uEjYzZoaXYTxVG7eKmlxhUH2JexXDpYFmz6WjsbBr82qY9hH7F1Tgh9d6WQpdxaVp-EOoeG71QHQEjeSvsh1v06vPgzVV4rEsWG4TEVuen9nSs-AvFUVf6RZbpCPXvO54p_HvXG5dBEJ81Nj-Jky4oGAR1OoQeUpC1UWRsSmnXLeDpD7r6Bb0iKzZ8UGvwKB6HEgU5VlRfaUKW4cas-d7Xq46TMXOSMkH031bXavacd2H7NS3fo6YSCezr52ws6PlS1ZTuL-rttBThdwv0aITUpEX2_9lWlEqYK-FuZyQR5zLxkP5ZmJBpAYOjAL5lUaWyhs5h0s6rnKvKRWqhHsFEQiQQnhUO6nXj9leAdP9CsNo6_tVLA_GxJZvCJ6MJWdn2eLiHphZIVeknuVCzDVQl2Ntpa0RTyTeqS_W_nHSKqoOACNe-2KRV1eS5_d7RDW-k_LbVj4urnFpZObnUfhiSNjzaxWm8ExSuxSVyJaGd3TGJ69Vw34GY1q9qJfFXAjN7yNOjc5LQfFNYIJ-Zil2ju-dp5xmfTkLzhk7yM1BEL4_QTvnQTOuKq3AE9T5ZBPgujaCoeBbEJ63mt5tKhsuoe17KmEMxrj-aSUsxp-3Qqi6lKeVnnUMnkHaB2q_NxwE_YbowvT24SBwnqNw-beanor7ySBjWhFUKMc6larMoXydTKm-z6CjTOCv-CQn5ZI36AALhzK4gwTjwVSOTwKLVRtPFqhP_IjDLbSMSKn4AHIOVBwZTc20Uw_grvsTpQKT-wlNKw6n48Nf8PWUlnaTbq78JXa-AkzK4PcHS4HEql1RtfqRCWF3ZGobMajndcecX6HyxQ8FKVKuV_6BgGLxzJy-a7vpATVK3nTw5CoXNhyE1Uxvv_Y9RSjAYkE1_L-7Wt7M05Vp56u2ayi0NWi2saOGQ7P0rWGYIgv5pkMKWlgqP0VOqWcSDT7E7mdr_1oxDYNxeLezZUKowVBfX0isRh1FKpwnreY7Hj4uyBsHA2bLABVnnTPDK924qNsbypLSz_JnXWRiXH7K1EZX2YHcn2jvDlZppD80Nw6RIJAkRVoY_XPF3MUCvE30KwaBQudGzY0qzSFdL4BqkCbg9iDUJmyVKgg_3OCmRUtQg4zg1Hp7sC0YZOL7LhNugoB2WubBYbpT0W3vo2Cd8Ev7P0f8h-tdBfCltLSya7MJh_zvPHLLTWywkVj9o9LWjwo_PtyMvcdI8BsqlJ-aaaTbHCEw3kSRTtI_S-NVB6ne52t7hApGfLGKELTczDja6VPiNJlmgjLfA8sa3CwbymsgFbMGAQPJpsd0bqpTOPSp5ynQ--fO2qe2Akw30VI-B-vYgAsDAss_zCNVWtFxkidc6jtob2I_VU7RnvuhPvNh6hXoP2Fug8UdPM6VGRR8ifBphymL2JcsoDhCs5gY_pn83mx92H-tbwzCXFbm1CQ4cgrbegA9kc7JfD_ZoBNWLhN5J03OQnRLSg4HmBEYoRHGUVlUH9IHIhSnUKNc9xSDDpRnorQaLd7NH0F295KlIPZZqr2qbknkU3o7v-pgARMLpEDZnIVtoDkZ-OQdZofwrvLD3Wl0mrnSiZCT3lZSw12pCbNI4V35E7YS7OoGQRLuzEorffGUdFeGgwJIMR6rOBJrENo5jjGGf7ZkupJUMtB83_ZKaa3RCsTd2tUi5DZiPsTERFUaq4ylUbjXu4LmS_beeN2f2q5Ba31tWV2GdpLycOrzIKhcYgQiNAF32cP3duPd_axa3OiSI52VOkvxBrrkFLGpM46SSCPnu_-QKU20iY7w9GhDvVz4yOHGTTB2vuZF68lM3Lhy-nmKLhPsAMMJ8PZHyA61MEW3Q0u8vHXyHzMRtMv1SGBB4LnOnpgOtflhNSzcrZ9To00iQpNKEGJq6Nd8PQN32s0XdUkxfjaemqfzRxB6UfXkIScXZ71XzGaA-oNdbcLutGTM8MCTChcAsGN5uIZ6i5o9B-021ZnKh7cvlFFH6nTrGVfRIp-Fs3s9Uax_LZLX82CqbQEcSLc21_Pg7kxuIRvpnzCUFmexodohEIxGx1Z7CbD6pLtom5_PzeyoD3GMS7G3WlxazIBDa4R3X0vR80BAehwUOCujRwYJfNHWe462ovuYR9poiODflznMtClkHr1uDXiWxkFD7WD7W57qKqAAoW5J5VuiZABItpqSC5FPlQHNcgcEd5iSZOu2qtSQuxsmiBCBbTC1KwRbMP4xXURJxAg0T3CE16iNfCOSbM5VhJsEDmEPFx1g7_4U4vSqzgC2wVp_-qfRKixEjiGIJiKYglx-UyTUTh5mZJhkVw7AnYLE6qQeuD_2EZOzlnnOmzGKeHDIcnF2frLZeMp5VdPOtQ03pwbsPAOMJ1jp-7OBxntIlPnzL6ftlbaL5hGCnysJmdI9UWkTeaCdooH9e3XyVeg-DxiSeNUPktyIsX4MYxHtyhvHF7oF5g7Eip5lfdBNWjVkpYn1SxFmudfu91sbfNzCuBsdA4zbL7RjHJFsRpzYIigh4dumB3bK7BT8vPpaOdP_cDmnwqXYIo0pBWj9RUTCzrRlOVpNzzjBf02w6S5ButcFMOLFGRhlY-wKs93xTfA2cqC38rNDbO984um_2KswqmM43SIdwWHR_uRHLE8Z5cT9CzXlJ_s7tZFirHInOPj-rMFATdj_fHDtlp6FdocrNq-VOGoAEVGuhHsU56QflVq_2V1Zsd6wkmOexZIWRQ14hcLBJfOIj0J_cURUpCiuscn4K7RVi_AqtijMRV08p5OufySgp8RYh8WAGB6agyAOhOz0nhAAgTJvz-dZ4yZTdoQ4V0IF6Z15x08XIWNK0LTrqZvOhfA7gX02IfdPQ_PuodpXDSCoxrq4Pekpvyd2mdlb0tyCchHcyoZaKRTsgN9ww_IzmItwsMFdvPNDA-4dTTStaKKQXIYoAzeOQl7QjwqfwPMQweNUzpBWqfkkNuA082_Uq6zkfuP2wWGmTGmWanGdtgIY22cYSraBg7HHFt4J-vG-zq-4uYFhsYusphkM4SOJnrCj2fp95JIYxq9qXe0KhSrGxxNPgpb3ZKk4runIiV83jP5JpHT7PCFCSYVSsBml8iCv7xpPJlVYvXLv6bnjQB8P8iGOpVHJtmEjguGd9Dl0M&cid=CAQSTgDICaaN8uzdFy6IoQ-j0Ow32tKl3EIcMZ3prX7YmpGl2RTCxp5FEp5xIwUocDeY_7qXrN6NLDBWvFTGkwpa9cW9BVC31gJbL7Nos8N0KxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=3189723862143340000&adk=1033480531&idt=55&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 02:35:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
72195
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
17947678125179771625
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 02:35:01 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 2CE1 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DV8tgfnHaq6SupqljIpausjr6dz91RBE4trYJz_28fWZclalFULLyxq1I-PXw7pHqrCDThcUln_V1TsNB4WbdELKN_3oyYgOPNKOx-QqmbR7DDTDqrZMKIJWD9YzTXEPD_LKDYK3oCyOrximU63TsDMokIKYfgrURrGlEgmaBV6jNStVs&dbm_d=AKAmf-Bd9HZF_x495O4Z552GOf3ojw2PeFzqEo6d2ysV66vkLi7EM_rmO-6QNWuYmN8EWSrOj6kJsIxfjXiKY4utM1GdNuajtFwPFM---uVMrmes5fXrIMkeqxNnawCdGJuJbGwSKSb6_nuwR2AUOoNPdivtQsjDBZGiz7BBr6IhY-ru6xIbNLhFq4QMMNNvGQI7Kcte1-UERr3L8ehK_1JAxw_SpqTJYKaPkpEv-wobfLUxZh22c09gpJ5bf4NqsmZr2lk4xnYNMNZBsSLLsS7Ce5WqblHsZ7BQU7mKuEEio0mb0cQX2cQnfjnittZ3QSIcABR0N1si4-jsPrhcS5nUA_kFRZMvL384Yuio2rfiGFVktmxo084zDggKBSZvcFO_hMviYENxg-1M6Z5_jzC8kxkxr8Nun0uvILkS4YlO7yTLx71fzr3ViadyF57T4G2g7KysdknIvZ5mEnOicbPqfaeDYoKBTjv5N6FYrSgAWYGsmfsgRRU45b9QsCEM9c94xllfoBEWobcnDdavjuPwPuPdH-w0KVH3ghVLxBTtUdmx0qitqubrkuu_w6hE4KGn7KdJ3q5c_qjHZsa6Zy7z3sdBNbLMSASLfbiuYP_wSlZlape1HaeJzQwtG4f_OKxvNXRenTHgnzsIR2RIG1Ji262IJ6Ep4wkFYPkHa4i_mFB-w89CGyc_R7ni3TiiiEIvU7_jiGJIy_15h5oovb_MIpl78n1gOKxNvWkVHSujz3taCh8brYQS3vXuLNqR5Wu5lqT_0nBtyeppQ1SuFL84rMhH1XqwHDe9QKlaFJDyzB7YOn1A-uEjYzZoaXYTxVG7eKmlxhUH2JexXDpYFmz6WjsbBr82qY9hH7F1Tgh9d6WQpdxaVp-EOoeG71QHQEjeSvsh1v06vPgzVV4rEsWG4TEVuen9nSs-AvFUVf6RZbpCPXvO54p_HvXG5dBEJ81Nj-Jky4oGAR1OoQeUpC1UWRsSmnXLeDpD7r6Bb0iKzZ8UGvwKB6HEgU5VlRfaUKW4cas-d7Xq46TMXOSMkH031bXavacd2H7NS3fo6YSCezr52ws6PlS1ZTuL-rttBThdwv0aITUpEX2_9lWlEqYK-FuZyQR5zLxkP5ZmJBpAYOjAL5lUaWyhs5h0s6rnKvKRWqhHsFEQiQQnhUO6nXj9leAdP9CsNo6_tVLA_GxJZvCJ6MJWdn2eLiHphZIVeknuVCzDVQl2Ntpa0RTyTeqS_W_nHSKqoOACNe-2KRV1eS5_d7RDW-k_LbVj4urnFpZObnUfhiSNjzaxWm8ExSuxSVyJaGd3TGJ69Vw34GY1q9qJfFXAjN7yNOjc5LQfFNYIJ-Zil2ju-dp5xmfTkLzhk7yM1BEL4_QTvnQTOuKq3AE9T5ZBPgujaCoeBbEJ63mt5tKhsuoe17KmEMxrj-aSUsxp-3Qqi6lKeVnnUMnkHaB2q_NxwE_YbowvT24SBwnqNw-beanor7ySBjWhFUKMc6larMoXydTKm-z6CjTOCv-CQn5ZI36AALhzK4gwTjwVSOTwKLVRtPFqhP_IjDLbSMSKn4AHIOVBwZTc20Uw_grvsTpQKT-wlNKw6n48Nf8PWUlnaTbq78JXa-AkzK4PcHS4HEql1RtfqRCWF3ZGobMajndcecX6HyxQ8FKVKuV_6BgGLxzJy-a7vpATVK3nTw5CoXNhyE1Uxvv_Y9RSjAYkE1_L-7Wt7M05Vp56u2ayi0NWi2saOGQ7P0rWGYIgv5pkMKWlgqP0VOqWcSDT7E7mdr_1oxDYNxeLezZUKowVBfX0isRh1FKpwnreY7Hj4uyBsHA2bLABVnnTPDK924qNsbypLSz_JnXWRiXH7K1EZX2YHcn2jvDlZppD80Nw6RIJAkRVoY_XPF3MUCvE30KwaBQudGzY0qzSFdL4BqkCbg9iDUJmyVKgg_3OCmRUtQg4zg1Hp7sC0YZOL7LhNugoB2WubBYbpT0W3vo2Cd8Ev7P0f8h-tdBfCltLSya7MJh_zvPHLLTWywkVj9o9LWjwo_PtyMvcdI8BsqlJ-aaaTbHCEw3kSRTtI_S-NVB6ne52t7hApGfLGKELTczDja6VPiNJlmgjLfA8sa3CwbymsgFbMGAQPJpsd0bqpTOPSp5ynQ--fO2qe2Akw30VI-B-vYgAsDAss_zCNVWtFxkidc6jtob2I_VU7RnvuhPvNh6hXoP2Fug8UdPM6VGRR8ifBphymL2JcsoDhCs5gY_pn83mx92H-tbwzCXFbm1CQ4cgrbegA9kc7JfD_ZoBNWLhN5J03OQnRLSg4HmBEYoRHGUVlUH9IHIhSnUKNc9xSDDpRnorQaLd7NH0F295KlIPZZqr2qbknkU3o7v-pgARMLpEDZnIVtoDkZ-OQdZofwrvLD3Wl0mrnSiZCT3lZSw12pCbNI4V35E7YS7OoGQRLuzEorffGUdFeGgwJIMR6rOBJrENo5jjGGf7ZkupJUMtB83_ZKaa3RCsTd2tUi5DZiPsTERFUaq4ylUbjXu4LmS_beeN2f2q5Ba31tWV2GdpLycOrzIKhcYgQiNAF32cP3duPd_axa3OiSI52VOkvxBrrkFLGpM46SSCPnu_-QKU20iY7w9GhDvVz4yOHGTTB2vuZF68lM3Lhy-nmKLhPsAMMJ8PZHyA61MEW3Q0u8vHXyHzMRtMv1SGBB4LnOnpgOtflhNSzcrZ9To00iQpNKEGJq6Nd8PQN32s0XdUkxfjaemqfzRxB6UfXkIScXZ71XzGaA-oNdbcLutGTM8MCTChcAsGN5uIZ6i5o9B-021ZnKh7cvlFFH6nTrGVfRIp-Fs3s9Uax_LZLX82CqbQEcSLc21_Pg7kxuIRvpnzCUFmexodohEIxGx1Z7CbD6pLtom5_PzeyoD3GMS7G3WlxazIBDa4R3X0vR80BAehwUOCujRwYJfNHWe462ovuYR9poiODflznMtClkHr1uDXiWxkFD7WD7W57qKqAAoW5J5VuiZABItpqSC5FPlQHNcgcEd5iSZOu2qtSQuxsmiBCBbTC1KwRbMP4xXURJxAg0T3CE16iNfCOSbM5VhJsEDmEPFx1g7_4U4vSqzgC2wVp_-qfRKixEjiGIJiKYglx-UyTUTh5mZJhkVw7AnYLE6qQeuD_2EZOzlnnOmzGKeHDIcnF2frLZeMp5VdPOtQ03pwbsPAOMJ1jp-7OBxntIlPnzL6ftlbaL5hGCnysJmdI9UWkTeaCdooH9e3XyVeg-DxiSeNUPktyIsX4MYxHtyhvHF7oF5g7Eip5lfdBNWjVkpYn1SxFmudfu91sbfNzCuBsdA4zbL7RjHJFsRpzYIigh4dumB3bK7BT8vPpaOdP_cDmnwqXYIo0pBWj9RUTCzrRlOVpNzzjBf02w6S5ButcFMOLFGRhlY-wKs93xTfA2cqC38rNDbO984um_2KswqmM43SIdwWHR_uRHLE8Z5cT9CzXlJ_s7tZFirHInOPj-rMFATdj_fHDtlp6FdocrNq-VOGoAEVGuhHsU56QflVq_2V1Zsd6wkmOexZIWRQ14hcLBJfOIj0J_cURUpCiuscn4K7RVi_AqtijMRV08p5OufySgp8RYh8WAGB6agyAOhOz0nhAAgTJvz-dZ4yZTdoQ4V0IF6Z15x08XIWNK0LTrqZvOhfA7gX02IfdPQ_PuodpXDSCoxrq4Pekpvyd2mdlb0tyCchHcyoZaKRTsgN9ww_IzmItwsMFdvPNDA-4dTTStaKKQXIYoAzeOQl7QjwqfwPMQweNUzpBWqfkkNuA082_Uq6zkfuP2wWGmTGmWanGdtgIY22cYSraBg7HHFt4J-vG-zq-4uYFhsYusphkM4SOJnrCj2fp95JIYxq9qXe0KhSrGxxNPgpb3ZKk4runIiV83jP5JpHT7PCFCSYVSsBml8iCv7xpPJlVYvXLv6bnjQB8P8iGOpVHJtmEjguGd9Dl0M&cid=CAQSTgDICaaN8uzdFy6IoQ-j0Ow32tKl3EIcMZ3prX7YmpGl2RTCxp5FEp5xIwUocDeY_7qXrN6NLDBWvFTGkwpa9cW9BVC31gJbL7Nos8N0KxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=3189723862143340000&adk=1033480531&idt=55&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 04:49:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
64107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11874
x-xss-protection
0
server
cafe
etag
3876053170955424897
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 04:49:49 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 2CE1 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Nov 2024 14:44:44 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211228507711250533076%22,%22debug_reporting%22:true,%22destination%22:%22https://lilienthal.berlin%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22934669190%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212273280932718791345%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 22:38:16 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame F37B 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f7766f29ea6cb27d8c27e22c108f8e8b7c71c252b9c9205a60ba6cf294f9c8c7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame B338 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2b716e294ecf50ef28e9b3cc29c923858e1fc76cdae74715f18e788be584a564

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 2CE1 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fcba0c33396ad77b36c7a57eb782498359b76c2d60200cafb1b37b8fc206e518

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
pixel
googleads.g.doubleclick.net/xbbe/ Frame 0D44 		0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CKyC3AIQ4-_U7QEYmpvW-QEwAQ&v=APEucNUmQtFG-uyQx2pymbIAuDnWO9Oo49AFQe4XapgQDAEPOs1w1eAxATyTJGubR3gluGrCs76O8CJe4mr1oMU5mStS8NpZsVWiYsCHbHcuV3wHVvmEVNFhFP27zULd32-aAjjiF2QObi6UHDL4eRL6WzXfGsdbOLLyiN1ksZ3UUymXJ2MsD_Y
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:16 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 6ACA 		89 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:16 GMT
dcmads.js
www.googletagservices.com/dcm/ Frame 6ACA 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
62cf47440cbf69b9d0a37c238c923e6544394913a5e5e615d017b1537aa06ec2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:22:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
967
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7823
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 23:04:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 16 Nov 2023 23:22:09 GMT
attn.js
cdn.lamp.avct.cloud/ Frame 6ACA 		48 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.lamp.avct.cloud/attn.js?mt=displayBanner&aid=63c51e1aeaeb06ed73452eca&mid=651e6b2507e337ed959d3bc2&tid=651e782707e337ed959d3bc4-1-19&cp_lineItemId=20618300095&cp_creativeId=523603354&cp_extSellerId=1&cp_extPublisherId=1&cp_extSiteId=888059656&a=&cp_dspId=dv360&api_frameworks=[APIFRAMEWORKS]
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.103.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-103-40.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a2bb12e88266c40aa8e4b1b0cd7204b23f0bbd8e8b4eabb96806116b590949cb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 08:24:06 GMT
content-encoding
br
via
1.1 d7147e532e5cf73689fcb39fa760bcf2.cloudfront.net (CloudFront)
last-modified
Mon, 09 Oct 2023 16:23:08 GMT
server
AmazonS3
x-amz-cf-pop
ZRH50-C1
age
51254
x-amz-server-side-encryption
AES256
etag
W/"8a45742518e0e70d41040ddf21529736"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
x-amz-cf-id
7DB07M2kbBwEB7LwD0Luhz-UeqZ6WV0LK8DXjxPCEWBh6amlIHeMjw==
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6ACA 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
28413
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 14:44:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6ACA 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 21:33:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
3910
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8541
x-xss-protection
0
server
cafe
etag
737174102934380276
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 21:33:06 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 6ACA 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65395
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1700052045412510"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Nov 2023 22:38:16 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6ACA 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C3S710xfmb4pUHSQCPBHAVLhwQJCjV0OTLCqqbmZI4HfM5IyCJhWGJi95tmVxn8KhDrsfSgBjQd31m7Quaixao9GtZ1oiTwgKD3uts17o27DGMyVY
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6ACA 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11775103312522353669&x=1&ct=77
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 8AEC 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:01:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
16632
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 18:01:04 GMT
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame FF85 		64 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=250&slotname=7481584504&adk=4178420169&adf=1414538832&pi=t.ma~as.7481584504&w=300&lmt=1700174294&format=300x250&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1192&idt=407&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1185&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=411
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:29:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
521
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24357
x-xss-protection
0
server
cafe
etag
17020722232796629264
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 23:29:35 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame D543 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ABRfWSeXw4beOiiN_JCkNykRV_pyNPL7TPoCcByUSGKWDh9MHL2MiY3c0ymnrUoYEb0EEnorJgdXaJfKYgwd_ba1FkPMeRdbB8U9w_pb4VZ7tzKxpKICiubhs_uVdS7LdweI1_fIDb3E5_uZjfUTpTCkNC31iwVudqJCMje8G7nJLEEQw&cry=1&dbm_d=AKAmf-BjL3nCEV3dvh9WZZi0JNveI3LzCRuN9v8IRtkOMfX-U9EsgIVRLlEv5plbhG9zkXsLchf1RRBoz_uydyWKBIfrKI7LZpzIYijmB_t2s6b7qP8WWzOd0Cg8vBF8Q2obd2QPr4U6EeapKYre4k8gluifikqOjPp-WwdZZPBgBH9ECVvfupjiVApJ5gBNjrQXrGz4yVmYM56zoYrTJfWdTAz3B_rbpmV0E753bnPKBWH64MV1y7H66pZfvt9ZSbjkhDF0YDXxU_lRPnSqQGcbgSz5Xl7vk2ZiB6As_G_sBstiCvfqhxAlsKnLBFh1ByZruuPVulgsWKfrwirsh4nO2Od3cjUybRB1jV8JRLs6qpnxSbQxMJyelHzi0ovSq5crrD5-J8fEnUq862xaEXxZO3m7uWC7oScMNBiaaw25EY1IPjTaD2_I7TXxhO4h7oKg4cY-D9z5fMEqvrm6g5DSJ0rnFuji85m-bsn7v2SmE-ob8_dYf77hWFKOupuT8-LzO1Ma1DaxstM8PNqB2U4MMM3ebvrUA1EyjCTqxMkkIBfS9aJcmN7KRqIJlyQR4alOyaJ7B6ke3elJJayr79nVkUVrFl0hkcktkpWPMDdboFzX21a7S2VWJsqAVMp1vT16blqAokh3I3eG0pWqZ2t7sws5RUlDtD7K1TM082pIUkmdQmf3rlrwqAihc9wibXkIslGAbh1Hcoh1vebqb8eVkibbWbY_DxS573LJMKDvfMrhd1m0-h11ty9OpA6F2hWf6va0PLR-v0u1zCYMZcwFwsrxCODphx15t6xd4UBF5Xz6mHBXDems1-XgwjgQjzFwT-M9fOqxegXD66_ZHuuNqHXya2lxGY40PcinFYQz1gOWaA50klWo38po16ZjqZjn8mM6hBcMV-q9ar8MJgG9MWFr8MsPZfM0DFn_NGESA2NRVknptwQtRAHkXdgVcDNAU2YNjf3QLo1xnxzno_eMH81sKdmbbZQmrGYROVrZdX_8kJEufIuoXaKcTb-Yh0BuseaHzaFAQ3OpCmv0KT2LJKj941dBKDETUsiCCctTlu6_qJ_vFLns1JpeVgVxbfvUViMoxMYC4zczP012hagkLm_GRPNCgACDf_Om_nKxIbXLGxHHI1NSKs6pfgKySC9OaSZSLRJMXo2gJ4rZCldB6aC8opQiZreB34oANFFPULJbW6ighlQ85XD9c38zwjtqgMUCkwP0EvTQCCnW8LEbmxqbglmT23cBogK7-vodfpG7lLdgVFBCYxGy6RI7taKMSVAEVIsFmFZ-xaIr6TzZWjvgDTw_NZwCYwjzq--nJz-46fnHCXfFD27EzSjnfAmo6GBguny947TEyWQdXwG6SNv0oD-VBHuLPPy3E5mlcTyOSMgyQh5yXFixzfAz0ulq9xal_GlFWBvTFa2qPFjnZJcmXjrQSibHGVRIavQyUSSYoViHiWKdRLR8TN3u6zbeKDy64iN3SZ54LAkq2E3GhDmkY8MfB2xtY4fM0Djh-AwEQqLJro1tCJMBNCV7SXWFGgtnxPJrumc5v9J5y7J7hrYUutD_zJ4UaO-SM8g5qMh_8dwiWciq9utYMTuKHTZD_cBn-N53-5vrxZm076e4121jLF2VsrU0FRX1AFMabCkgeE73ud_oZFmtGrPMReDHaVWOKZPGIAfNEI8dpmSEfV-n50q_HcpgwCXpbplgiTbu0XQKlOE7b8SCTPbH8PMNrVWAKJLgHzxs-68agFceJT7poQolwjHpSfNuFWZRMwO4K_ZN5tcPpQ9kcqbhZSrqWK0Fr7S4mAbq1f74JxK_qbDtG-FlTXsNIxUc-hrmK2W2B1y4sMtEYt-AFuKF_AacKR85p6zI8i8PYfAiyIgGmnkwXrtOHajbD1FZ93iWLwjJLBtvFlEsnyNyiJ2YDhhH168gX27v3esc1lu6giNWrDGBzMGXQU23RvpEaRTIheL24KdDL84ZnvWpwr4xfEg03XE4qlqM6G9rw8xGSF3ZPs-5FC0gNfq_nA1BmOICXLAmGl_ZZ_FnZLmAQbZFUhAQemLJqq0cwTH6fMwO0fy6wgOYvX5vRhGstGEe23nRSeJPMi5r0BcRfNtTv5URmJqxclsINR1B-jomD_h-hyeWOKjjlBmA9g0S89d4D8_G9Q_i01_rD1Aylj53TWMC5Cg6TJDtTSuivCKoFBn90Xn87905KjnEIMCRs7wUrNXK4oIwI6slOf2ocNeu5UFOZUdqzwvt2LUPPdM9HxSK6WkEeXLXwpcKwOtbSbGoPxxN_Vzr_1cbejI7MZBK-R6YtfgN3aXhuDp99Roap2Cw04xWPdikEYI-Djk83_Nrl7rGOIayAf3AFDPLnB-af73Rkva_i_CRSS3uxslnb9WILd21cRTR6tb1NhKKu-xNCMcJPP_yBkkNMj4u3aUE1bZvHDF5jf66KCCTIPsyACAgtXG8Zm50l235gJgtc5My_QqC9zBTWgUviI67Q2xFUvs5mxSVnz2Ke5L8nP89IsV78Z9NUYpBEweU0DMy2Fs1Zsdl3AVULV_9hZrhIAkBggaQxM6Jlp-oxtQBUhQ_iP3ZeLAhP8ggZPMQk3CfPzfofAR9afIEutd3uvm1g9mRcnHzUI3omnQe64i-WARrcyV00hepliKxEToWtoZRLqfFiuh1deXN9C4bRpoA7bvRQjMe-H10EvCSwEsKasZY2TBtYkNkRvP9HnuY2QQQ2ta5u0DhfJHeGB5AifLTzIylRDd_biGS_Z5ujdOcggX0BSZL8PWZLt_X6upad6h0enl_hBqUArdJQTa2XzyzOYqtzgw6gV5nz5g_cZK_pqhFq1CkwrPwXo14uIS3xY_f7bb1QBz8X3JoTSTPXNrEjNJ_d1OY_DflPEJixlQIFDPy7mJBx49uhsGD6IGjX9K4ND9SoJEGQUDSGbhdzUC4L51JCAsyMPag-rUtjmukoiqWDvpgff-xfpn83XF6ntjtPqo5AQXPBXA34zWq_v3F9uznnooMsHRWTComYtEWkoqvWMHQe2chpgIjRJEHg3kGWn0DbchqPJXpJMAzAhqSMdMmvGccPf8ySYQVLrEVi_vc0MbHWzI4o4TR3NzaJj5LjIpUZ7sWN34zJIQz7Gef3laYnaMX1JEkUv5hSTkp1w8eWpZdAtWicQ0Lx8pTm3Te-fftX5TJK96yGccCGliOsk67D5Dl7p5F2dtnTSEwf0VI2FvMKP7wdjCLpaocn67QdgD52Qb0Jf-074pap24_bnb5XCyP2EA4vEo2hNQ0F9Ed54W-NYukjGEoYozmPKr2YQKsT-jAExHQa_WmKDZG-BFCU17a5Cwrje2t585JTeRJ_rvJUexU9dkUTABZxv1tchaUrFBmuBS3sZ0-lm64nQLroA2KAU_QyNC_qJ9fCcVisNqVZLsWZTMPYNC6xQMlP4mN6K03uTgmYjE-qLRg8Xtatu-1CjvExjfRVPqhel0aa2Al3wuXZ3eIGFcCJj9e_qK6O20rdUqCt01TlLBM62mkGfMEYdks52eiF-pljOlbgfJZZ8UuykLSvI3sfrpnCf5Kc6zAFb1U6ft9QdwbvhwzNb8scfa-WD9gbF44hsaYMAc0AQS8w8wUQ4vpG7MByToVMJunCy3OI5G1r6pleD3TCfBinpOudHcZRYgJQoGjSi6f5N2zuYvAM1d50zTBP0xmu63YkjGTKtgF_4dgGP0m1gSXyIkyTB1en9XhvtEuanETrsHKxhxdoHBKk0tqr4dyw2Qf6RJqu-IZDh565RtmIvouA8yyc1ka3qOgdYq8IihT6VjdBf1axVGJw8jiKy6K2L8gt0kBNTCbkCc4zi9jb4lME8tCQzPG_7-GUHADPeKCTMfRsYHaLB74tk7bmhnmz4m7PJeKQZ1JqYl9z89A6OKjvz_4Qgajj3bKbu3Zjz9OS4moPia-daqR8g&cid=CAQSTwDICaaN2L9FsvdcBiEFjVnfExtDVPdZbzFlTL6bchHkv6J9tiXv7aAwm0r6I9dEkBEh9hiE9iwSP8T9peWC4CNIMLEX9zrGuqsEt5ndZWAYAQ&dc_eid=31079495&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=16422682046585133000&adk=1935140218&idt=49&cac=0&dtd=11
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Nov 2024 14:44:44 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDE3NDI5NjAxOTk5NAogIHNlcnZlcl9pcDogMTI2MDYxMzMwCiAgcHJvY2Vzc19pZDogNDcwNDAzNTA4Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQz...
ad.doubleclick.net/ddm/activity/ Frame D543 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDE3NDI5NjAxOTk5NAogIHNlcnZlcl9pcDogMTI2MDYxMzMwCiAgcHJvY2Vzc19pZDogNDcwNDAzNTA4Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQzCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0Igp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDE3OTU3NTkyODgxNjMyMjExNDk2CmRlYnVnX2tleTogNDU1MDYyNDU1NjA3MTkzNDU1NQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjMtMTEtMTYiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjI1OTc0MQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjEyMzIwCiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9hZC1zcnYubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8va2xpY2std2VsdC5kZSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xf592583487e57c4e0000000000000000","13":"0xf2270847e08a2b9e0000000000000000","14":"0x39eeffef3053d3b50000000000000000","15":"0xf6b14de5b4cd2fb60000000000000000"},"debug_key":"4550624556071934555","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"17957592881632211496"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
wmoiqux43uzw
hal9000.redintelligence.net/zone/ Frame D543 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal9000.redintelligence.net/zone/wmoiqux43uzw?subid=&gdpr=&gdpr_consent=&rnd=1700174295140147&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvXvm15lWZfPGCNHU6gSF2LmICKblvaBpvZOcp8kP8C4QASDhj_UBYJXSoYKwB8gBCakCSyvHseQ4sj6oAwHIA5sEqgSjAk_QEVPID77Q78eR_spigPTyyhXjIXNli2uUvxvXs9AbVql8f2kmLDNufr1bXfmtv-mLc733UDplZT0aZREdEbnHlbU2p3X0Yt9DsN8lgRldKr1qyH-tRJ7irgfYsG7N-ziod7j1i_Bnulke7Il6jaPx7l8lSK5ibXnkJGyWZK7TiLiKbjhj2mAuFiLhZ2zXG0V0PQzHlx4ksfmPjEws2_NcfKOEQsmgIyhRvhGM8STH1ias60B-bW0D6k-mSj_U1SnOowLCx4cNcysUfHRaigElSuWXffBVRKGTDQOIo4rFmWwNUueczGmrKeHeTvMk0Rxxfvb8x42Lq0ROVXe1dgjRQ0AP4icc6BksROS4zKWiLMxg9DUSj9Z0qjgO_Q-xkeezl8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaN2L9FsvdcBiEFjVnfExtDVPdZbzFlTL6bchHkv6J9tiXv7aAwm0r6I9dEkBEh9hiE9iwSP8T9peWC4CNIMLEX9zrGuqsEt5ndZWAYAQ%26sig%3DAOD64_1CFF4rQMeD-rfA1trzQt1cZZHvZg%26client%3Dca-pub-4191647241486880%26dbm_c%3DAKAmf-AHcI0_4a0Ky2mraMvi71o7l6-xcdp51bO3GIQAYTtV-o5JT4rvZFQv0qGZ6MhbSiFvKlfVZJI5f-ZPuOlrw_jsAK2LL6-6s4t01zPR5BSjaWmducWLIrjCoZA3IThS_3mPVWQH_5B0RcY1JMD7jsNA3tCZxQ3lgtDc4K4ooyyfOLKCH88%26cry%3D1%26dbm_d%3DAKAmf-Dpq060XmH6F_hrPDDV5MOBFjwwa6-68vzUIUdRs-B0ODtO6L1yhphrgmIyrs-7oHXTs7xu0uO8C4ocb7CiYkNYX4kqE1x8U8QtDyfBltfe2zG_1cdogoFLEb8ic7fVQnUAAs5KKba9rb8_05TrhBi8B7_dghXX6KBq5FsRbTcoCQbTmPjBZ_0TwOFnjY9CKvgtCEIXnzfCXNJzTErp-eeMyxfvwLde5ZjVY5LUd5pFywJ7nGds1TTUdaknL3nw3wqTqHlxAySZFekkbevSgkiFn-2Eo_dhH5cy-OkCaw103wa7puxKcmF1HWD0BltMflp-PVEPdNWICUVzNfR2HorE67k-emZMA3a78af2qLuvWeG5f7Hpn7tYha_Wk4N7ldYKH-fYK0tu9S5UzKyxQJXryNcxoP3WUCxZ7MSwQF2dZci3l-NhxyQ8VKGsrh0cCjsli6TQOPNbG3qXuhqhpYhs5LR6XV9OL-Bl8Juf41eFfif_2Rv7wLlz-pZLRYJRLS_z3J-Emfz_kELZE4owpQ-7vXD40SmzHl83P3TjGOWhuxO8QLY%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.38.64.201.138.clients.your-server.de
Software
Apache /
Resource Hash
dd301bcdf64b041ce0504b3a844ec9841e1bb2490df26423ec95f8ac926b549c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:16 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
4218
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
gen_204
pagead2.googlesyndication.com/pagead/ Frame D397 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4297570690367&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D397 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4297570690367&version=m202309260101&ct=77&x=1&cor=11498287611133712000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame D397 		20 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CvaD3dF5vQEc5iWicLuww89HWsFCJbheMTzzNG-EYMPtscdUe9-gbdxuYRGXNg25ZyP5ve0XbeA9Dsts1a3y1CJ0XGQYsKFRsspiEVpFRhmdGc_kZEWdFa5VVNcXFh1q4A8j9LMPcBEfd5D6k2A4JdB2Pjt8imjpUPf1ey8mLpI7XRNaA&cry=1&dbm_d=AKAmf-BORZjMh_vMhkusIE2rOdI90G9Xtk3dXcM3EkFJq2cs5f4GIkIGWdLbgvwlYquxTb6BI7_OwXnKsu1OirFaEc6IaBnqFK-Q4l6s4ErKD2i3xB258GJ0il7NoLosL3aWer-9sFFkA2b1gCbQ-FPIIaTlMlD2LE96j14gsnwCzhz9y4vsuTnfyoqW5Nu79OmR0KtbI2yyI2MOHvjeIGxrfUJzjCqZm4tfVbFVIuwpuUXuLCVV4DVYFmz32befAoYbIYLKtBovGJWilJzHuxMeF0aY4XdeNDkdnqvbqCDxsJoQ95rA0hsxW_5NsFq33YnEDIr6WOLeH6lnjnT1db7B1_NjgF9jxqf1SvDOsJ5bXIhwvjCO6cXDMis4SKmtuVT5Qwi3hN8N5TaAhfh6o3VmeH3xMhtHVFXl8mfCkNX80y94ytbev2V5GK2YjIv5y1y13gX7ewaFRKKw7nBMMJ4FPWZup6PCXDfX_h8uTpJo0S4kV7mSYwwzGzibCT5jsRsCqBuE9hgVJV7iiSlBAImkDufDs1ICtJnGri_hjXZKJr8Qv9ik2mcUuUyxEjUxc0on0yeSN3ZNO_MyitiOa_Xhefkm1M1qPlN3wKap9L5MDcClsnO8BwxOwlenw99ZYHk2TqnKeN4MDq-YYUpTGyVwd30sa8rtVBV5CMglIKCaInrETypb9c156UEM2OZpCCR5KpSFbCQVH2O9sopEj5c1DbKZdUZwzIyvcO9GXe5nhtlcbwJAxfkX8wv_B6vYPG8BrC-PV8l9OvXGJKf5vCNdRRWwP70UXzTTcMx_KuipUaQ2YdzTmb8TECaE6kJJyeePDS1h3TZdX37mxcX7pYAi052GUZK0t5qvnWWvfhKVRarwGQtxnRCcbBjsyyZZNUQ-7YFFIRNzX1XnBYKxx-CSqvSrtavrNPleC0CVEzMxVt2BjMRFhof9-zxFoJb42kiF76v9-LE5kByBldCuYsrlYTKKsqyGhXiPfwL-TwwARCFyjdg-LRv7ZOEWdJdyYAPJM32BpJ2SMKZeD4xLBSP5uPd-THh4AP7YSWunoYftVngzhuJjVRUscoxDzCefez-8AULbbMAeVINDvaZbC1IiihxTlwLNr8-vdyNaNnRI75JBA0lyymYFWaMsT8pb7cH0QbDpERx6ic0WWDxk8vDt3Cp53LbH0OZoCuawf1v-cgsgQxw-h8nr6t2m2SFKYGD9h11GrTeWOKjYDIWBVywKZMCe5vyNPj1Az3SesDhNT6jJbuLwy3luqWNtYd4NUOBnU0zynxfMWz9it4bATz5Hn3WPOqGaIozFF0NsyRFto14XLfCMMj1726mdtWSxzZQgn4nkUk2qpmphdJiIy_ClVzt4ihRAhEUnCD4Vt1ricgO3CMpyQerMUjXrCknJXEQTsvt45yYNZ2QxvjsSO7wunnkFd24VxMtNQJGx8G40o9R78hx7yjd-0jfeYi7NC8cY6XYBDkJwsE7rboJZhFCzOZ9BPSS_Iljo5imAQUd74G9r4VMre3FitXzZL_H2PWhf5302fE7d3DI5RWJc5ObR5E5eghg2KU1rBhbJbiKLLxRqjwN1NenAXWvjmci2fIoHsZu9q6D-Bgr7VJuOh011gkPny1WnKExIjhApe457SWF_NDH5KP4etQXzQ5mDKp7ek1XwLP7lLLKg8Vh2VaDqfMAlvielgtuIKI7QLStstRN-_wkG1eVvqOgl8ongUTDU0vgNWGaZMVu-bAvB5yNpQh2QSLYzt2J2qoV-sZybu7N8Ob3yPw29EhG_u7sJ5TsPN13iGuHeaeQ6oJGJL9KFMklPguygBhpHEoD7GFoQmeiGNveHZmJPzEkxgd8dsfeQkGozoQccCfM1KDXdbRbKmgrd115pCUDGJm547fZwElSuyjIZcNN0tisfGv9SuToFqhmHZwg8p2unHlxykr8alGmLXvfOwhnqnVy061DIxLKaSuLwVV-61bteiBf2rojnwmRRDlfnbWiD1ytuCdvjfwsPGhKvWcB4TLGZt5GmHiEzA1iKPDqQDEP2KNe3y_qrss-QvriD-TcrGjzSCf9r_xJfTCaiTFcxz3tm1HJkUlmCk3NI42A--kJ81ZmlxfArDBW_XurkYv1KrDRzx7w0DpOLheX-u5LWwV9FxJSUnUoY9Q29DIYEEpyuPOYL3TMWwxgehVUj5JWKXB-esEwdIvuT86OLyKVMsLL-N5hOAb0MAi37tAeTvvCTx-dQR34Z6GAhN3bmXCJvRYA-IC45PGvrZVZCaim_pcAaVEnUqqJZshDLLPR1dBFMFgCOOrNefk8v3stYPjNg8RyjeYnR0qwnT-K5bljks1hLEczA3O59KE1jTCExM5V19JT3QSLYOm6OPrqH2hA-RlN56tPEANdzukACskfAQL2ncBRiuhetx6Dw_5YRZXqYz-YxyNfnVilSRFaBOJNx-FQUbG6tNcZVsFan0GRB9lzYwVr35gEOjdcOXNWBF7Mi_UDh8YP8EYOQ93Shp3opHQrlhvF5oRykG6avbS9VfZHV6-vwYwVKdmzViDrHHCJWt-GFrCTvGLH39hF_I34U3KZni1GZP-vGXDN8vnXX5CvPElBCo97MLfTGLpYQpEZHXve5qXLGbpCVvbsJQqLKmIDg0BJ_AxR1ljZB88p2Xs5S4OEMbnBhz9xsQGGr-Fh83nuBvp-oTSqyKhUymXXGja7mqsiV4OVc4FzNFW0lH4biUlGfNG_0JD7JMppSEK_AAEHKCRCSzt4zwFVHcyasVy5BwW80dDb6aG6temxHGMJecKXwz3tb1eCkXp9a8isaQUZxoF2wbilu5eZCTG3kpvASc6A9kOO4FzUIkEuf7tWFpQFLVmtoRtX3KNWGbDyKZ5xu40WnOif_S381CmKLvkTZyHNk57TGHVcV5iVESk8i330WoQRnvgXk0lIcyQBeaS17Hiv-Lkdk0RUg8SZiA3pkXOAq-baJC_afBztTY44RqLbL7Gai1SQPeYCByD_iQw84viTadvmkOTxGY4Ha3I1ZzKhuo_wvPr3p6KZY9tJyJbhd_StBztqgjboaz52KFQiQCJSPdRf9nI4ZT2okVLipnPYugTM1hRLzUwfhS1JFsqxZBekpe8ZjflCwiGkeFxw292TAoDsW7-OrqiIxCJL3SmK8ZbctJxm5QCGKmYaffS2d8E4JrN5KOE4Ukyh3zf5Darne9tNvkFOT0tule3y5STP2bkvfaIw69xHMIFeC0StrmeHWQHyHw4UiO0g7L7T5jxxWV3w2hqmSNvrsdMzq-zYc2UyAhORG8OsQRkDWnRbZKi3aZXDJ0QcS4pMtE8Q2HXQ5D5YbfplPHodgOy-g6oUkxcM3iLdij4t2wJd5qiQVCXNvNPcaJSwuJI2dg6bta_-fyKaiy3Ui5Wbok17NP1ANnBKGotFb0FQjo0lLM4F7S9wGuQrrctUzpUtm4jBUipJLLJTq67S0QKC4C3Hxdf8_9i4I96R3i4Ajg1J7cy0SP_cnKqXXlQxnZMb8JCB8DVa5m9thVPQ8QchGOatmLhoKg5vPJUBz78bdUOLhtPoQOr5YU19jPICBU8GE9SEMtfN9RBIJ-YAlG3-nhqycEGdcPcI34aG-EP9w3dZB3R3_npSQEUndjnC1ntt9OhLKr2rOFup54_Ng-Cc1bnnJGfM6zvJrE89G708p6_Ogw4n4aw1Px5CRe6zeRt_h4yfOoDwcZ4uY8IRqm-YY0cuLBcZV4mbmAJafsSHiaJDoYLb9cW_r_SJydAirK7YlxYLgfXoRUivELio5Y6zQc1vI7_nyqoxw1nR0EC37OeFCcf6SGpL0LWdxs0RSMqNRQ1uZLA4kiYLZMHLCUS424fNogH2o_vigQkC1oNMyg4fIaW4-kKc_SLJAA5_wkwJWTw_Qg9oGVTUevbfdAGAvfS7LYxs7vO9w_RpxYrL4sGEphCZl_78lUfNS9jD-bSKwKESwK-lhO0H4qrp34VV9HGA0TclWdToKxxVh-Dnjpvif0K1_62ivDpxTsEbfg7NIFD6J4qyPoNNd5LUdIOpVAgt9k02B3cOAoVEGF3lzRehndA5Uvt1qSAsRuAP990Dkjl9m7AAgW3_0qHnr&cid=CAQSTwDICaaNQI2CWfzrha5lUseqemBWCVbBjVHLChtPIMDgi4Q-oooDU-Q3ClGhYWGw45pjJOUJcDD-9KjxF4RE4kW1hD7ZVbXdUdeTd11TVXYYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=11498287611133712000&adk=792902355&idt=43&cac=0&dtd=6
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b08f8aa498f27454ebb4fc74574ae6d76712ca0d1575dd7ff86683221f679d56
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13943
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame F37B 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 21:01:51 GMT
x-content-type-options
nosniff
age
92185
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
34108
x-xss-protection
0
last-modified
Tue, 23 May 2023 16:35:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Nov 2024 21:01:51 GMT
skeleton.js
fw.adsafeprotected.com/rjss/st/990511/61634099/ Frame C168 		255 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/st/990511/61634099/skeleton.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-4191647241486880&ias_chanId=1&ias_placementId=20343400544&bidurl=https://wwwproxy.uscho.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0js_moAyMFeuxN9QD8EHlBN
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.155.77.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-155-77-146.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
035431e60f3d094003b784db49de6e3d57c099df37a1e4b7bea8c7dbfba44fa2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame C168 		111 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 06:30:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58085
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Nov 2023 06:30:11 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame C168 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CD7rHhVUfm-2xbtZa2jnrR54xgoxtKcyinvCFlWMsG7MF0n01B4fqraXqN9OdbhjaEpP7j0RGdXM8EwOOhS2f3BEAEns_mY6mFTpsX8kIFZMQFFH7gu7MULtHFepXfUz5xZt-EqavTLBTmSg2V2iZEBhHpAQLETq3XjdkO7we15tROx64&dbm_d=AKAmf-DE6ejOiEcnqGRZOb9jM6nO339FAk9A5thC9zeTkEUkImt32X5dhcNfAcqihF4b3yD2UjSU12d_p_6TUTmVUQl3RKwpXFENY7H_B9yh-pjymoyd98skn_5Tw14wTbe8WfCx5QoxLoPUOAYpQphT9jsbfPW9Twt165VqHSDnm8A82boWlctSxXK5dSwemsAKhvPRPt1-rW_aBJovU3R-MCiPEVj-n6VQTlq55KCXLwjSIhzpy3BKLUC5lc9T1rqp3pE-LfmHMb1rWyMKAC9sU6W-iiLMj1Ws0insR1q_hTevemDnXUhBntvFUYmposSK20-7Bv5lHN3yj5or8NwklOKLnDwKduk6IjTXaY_K6FBc7mw28zNX--7t2yKxvYhTPkR2vBKKXw-9Ws8-7B31WwZfWUY_ddkGiSknsv2_2jz786Hbs8YXoVYLeQMcNnSC_lBxpNzXLcmRfM4AIma1MZusr6QGrE-59yhHErgm-4IT9uPYf5V7_4xv_Ay1oCW1xzPWooNkpcniH4DinAGNHOApghz3SDEhR-1mqBg2WdqZBai9FS1irRRXL2V0Y3X8q4Rn29g5cTMR0d8w_aKrJz-P3OyxKC1vspE5qfC3xMSDkpVgpUJaSHaoBEpPY_9aGspEY8Qc8hficixAfNT6JXGQ4zLzXlB1JoTS3Hf8qgZkEIKoRULm-ubcNs4RXGN8QM5_Pdu5AD67tEUmVTryxQ_KgeMkhJhnPrYEQrC8XPApFXLihRI-MfcKmvQg-7ypyuY-ZK2Ca2VSU0BHVREjDAyAEmWXenYAd6Bf2D6Ga7z71q62xA3NhUZ6jTTbhS0kQcOwDTP05-Teg1qT04FLr35KMB3u0TjrCaAy4ulxDvXmS_MKfbjHYTnYoH1ZB0d6cG_6lcl8jiE72uxoKJSYAl5NtmxDdSC9oBhtFUBewRPooRWGctrzY6plX3gTmaqGf44y97rM-Hg0-xY3t3zj08l0a0X6S6BnQPIByfKzveG6rXrWA5AW0Dn8D1bY4xkPcm_y_fafPSnG-cO_UNIrsT3apgfz_FKnG4fAAn9wG2NSjjv_sWivd5JLhYqYeiWCpCFWGClZ3gQpDOAUV9oNK1InOPrdONJTh8k9Y-JcCocPrvPy-5lfTvIR8aQNo4fUZXo9GoH_gx9LaH8O73fQKkv3UFBi8l5xnq2Sb9F8rK07oj6bFtskANa5ZIsCfeopW45l1cxrHWNVBpC-wNQbU5YojceUoyZbcaNLILEEPTwqLg26YBhldJxTGXVqQXLfcvBB_cLgk8dH7VU-0cZnY6T9rLT2W2K5ttN_gm1R3u8t4JFYP_gF0q3cdHIh_z96BCgqcvfMq1v7a6ACOb6LKH5vwWr3MlTXq1PpM1dkz4eKdj2K2vMHorzWSz4PShnRDnnn0bGwZGkv77EkM-zQcCP5HDmcHs3xPXMDqGU4HO1W10yL1hUt8MzwnSZ0x1aCD3X1QT-IYSEjKo3HvQJZXv89znb1Cl3xoTE7gmESbievfNrAupKf6UckyB61uSqsYWHB5Cxthj3sVotqF7PBJ4e5vFRAVOwzXfwvITDxOtYMbAx1TT9dcp04aWG8_oKy1HkcYcfphL7QaNdbCHhPA8sikEDiKRaIGI8Cs6u0r5_kKpJqxMUfuFTz5sHEs3hmk1TDbml9Dbbwvr6vemxI9czIe9qmaqTRHEDyAgi403tAAnB-okZwgil_utEzsnRLuSi4eRFwN9Um-nBHkGBAn8iyYIuH08280mXECbsRXX9heTXX4hJrCoBtomJQgpkNjDiZEVtl6PIJXpLK5Xt4NCPUEpj5UIiswxFW9gi56M0V7bKNsTI8JMP-x6NL2-9ncMqBhPBM8wWzzZocH1YC7V9jnCafmRX-W95132wXMz2a54gufXeHoXPPKeU_PKuQpfsdEz9qme-PPf1KEZfk7hgnbaA6Z6gfZy9kOFDjUcWHm8-iV8Hg_Ep6fmSi_bVWEcHt_fcdO0vSufiGzPQ2LWRoX21P9m2K8PjB-uKGzQ1Q-jQeuZEDP3bXBB5QlqSOUJohJTCj4klnzqNmWKu70kycKk2I3w_HR-j5GHdwvvPArtImA2YzERZ7kneCNEg7Nykt6DX_Bq4Lu8Gw18CMGJxIZoXEnD6y_8JmW5Pd8H_WW4rl6gg93cWAmISgoNuT8eX4QsTpsezYa--AAkVnCHQM2Cy44WKBVFi_gFihI5oSqu2bZl6h6p04WL2OltSPO2XpMAluARbbVHkbQrrjnLubTo1ylw7tleb6RPytVpGAtJ_SRtCN9sYgq11i3R_hfvBpfoJ0UHE5SwT_qkt2rs88ttuhHfonaqmkqfd7gjnnb8Yf1sT-745-mCtRE-WXrFrhrsEiJyk4UqOvK_Bvq285FNFD3I57Kgg-b6oCxcxVsMMwE0e4TwqL6H9YoVbNicau0p_g8iHpEcnkDS-2C8ABaZL-4EhXjRWbSW0dWRFVvYb-_s-jQU-houPS3gtBy81puDh5eB7xCi6cKp-Uc90xZBtLKeNvRQB2q8RSlOqr1b_0y0-gvP4niEHBEQCuMRNIj62Z3fw86Le1kwDgLui5OIFyGVUGBxdWScoDCTgCLEfjCV6vbRxcv8FCs9M_R2zIzBmMeTtFsgx88DExd_9ChteXv04Es-_fAqUH82SjiQUfF1qsdTZEbRTWfCzopozZPQH7f-cQidIub2G8JcXB3_wKewuQFcDDqLiUyRi-s_foecwn73OLL5QCsKdLZANp7rBx4wL8Q1waq5buxY8pe4mMl-CNnTVKmba4AQfLfJkUtqaa560tWvt86H_Nb-XL6kGsAJktfuyyJw5sV0k_9ttENS4NL1KfzCyM3crP3MOJ-rVJfckb2nnKkKyDpCt0b6gIFtghNYR_LI7WXRYaXxPkoP2R7l1Eecr14mxFvh0rLrSSRrEofxVAXCEQ7ro2BJ66O8bxburXC42dwZqUdnJ430pDsOlQkUZFwL2rWerIJxVGCFRff6OivQUg2LA6x-I0yQs8gdXj3fktjARKV11vOs7VD_WaR5fsTjcxEXGjPVKBH4Bt8GrvAr8WwWfFkQKG7UXnpLBp81PiIKWCjvvemLbGlSackndRBtuZwitBHP-S36rAGLQZ-dW5VIPRQ904oeDLX15KxAY5RtgIuYGHQI1l5rZUWmfKdmttf3f_ZE1m8ajNnp9wCF996wbMwdG0bxkV37DPMWQJP1zBEpeaobPWgZs2cnvHJFdG6gt9TyZGhaYYUawK7lFBtzhHsY4pftlP6HQPbYWStmhtjJxrBwWIujE5qYAQAMht1OwD0cQS06RLt2JVY-GvC6S761PpYzCkfzmXC6cFo55hFtVxa27ZZKYQ3bFStR8v8CmLTZTcKCLNv4-ODYPJ6U47BvytDcWr0qkklkwkENIsUIN4MJXNbswx-qpPIRM6yJy1DFLvU665cVnbG1GQtufFa-hTDaz-SNvL_ZTZXskNkCxL1sf-OlGtLcNgYGcmdmMMsmZpuDwS6TIeDlrp800CSq2srdO31qfyzXlCjvW6Gj_eKodEtjBbH-OJfZ02-TqDbN5zRETxjbnk9mtjednAdkp-rF9gnxoC-wQ_pMjIhsuahxJ5NhUZHAsBLT8AWf0fisnswNy2sf-JsVvEODRw9mxQL_DgEfqyrqX_HAxhMl8ks2qwvtW6UcKRRW6CllMgx3ITbPWivAJYnUr1ph1gY86y4GTUksnVC9SdqnQNHUN19nqUGdFet-GdI7VDDXu--a_RLNeTc9FVYp62okLEDhVa749Y0nyXV26uqo3sdP-s3Yq3Bfk0PTHvpSK5sXSg9Z0opjEhUI_cWtLlEu1U8PVCGqwhyrwmT7WFBeCyxGgHad3TiclTjgjQ3mVhzAFMwHdY5liyrn0jEOYmA08onRo1Ru50_U9faVtqQNIcnl2opQ&cid=CAQSTwDICaaNsG6TiADcSpCOZhAFlIQgiBoPV5nNfROqZECE1TZjjJHu6NY1PNDXvQg7oX0v2Uvh_XDw2pBeqSgNvO3zL83CPUMshT3RhK_LjwQYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=508010325822991700&adk=3944675600&idt=56&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 02:35:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
72195
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
17947678125179771625
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 02:35:01 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame C168 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CD7rHhVUfm-2xbtZa2jnrR54xgoxtKcyinvCFlWMsG7MF0n01B4fqraXqN9OdbhjaEpP7j0RGdXM8EwOOhS2f3BEAEns_mY6mFTpsX8kIFZMQFFH7gu7MULtHFepXfUz5xZt-EqavTLBTmSg2V2iZEBhHpAQLETq3XjdkO7we15tROx64&dbm_d=AKAmf-DE6ejOiEcnqGRZOb9jM6nO339FAk9A5thC9zeTkEUkImt32X5dhcNfAcqihF4b3yD2UjSU12d_p_6TUTmVUQl3RKwpXFENY7H_B9yh-pjymoyd98skn_5Tw14wTbe8WfCx5QoxLoPUOAYpQphT9jsbfPW9Twt165VqHSDnm8A82boWlctSxXK5dSwemsAKhvPRPt1-rW_aBJovU3R-MCiPEVj-n6VQTlq55KCXLwjSIhzpy3BKLUC5lc9T1rqp3pE-LfmHMb1rWyMKAC9sU6W-iiLMj1Ws0insR1q_hTevemDnXUhBntvFUYmposSK20-7Bv5lHN3yj5or8NwklOKLnDwKduk6IjTXaY_K6FBc7mw28zNX--7t2yKxvYhTPkR2vBKKXw-9Ws8-7B31WwZfWUY_ddkGiSknsv2_2jz786Hbs8YXoVYLeQMcNnSC_lBxpNzXLcmRfM4AIma1MZusr6QGrE-59yhHErgm-4IT9uPYf5V7_4xv_Ay1oCW1xzPWooNkpcniH4DinAGNHOApghz3SDEhR-1mqBg2WdqZBai9FS1irRRXL2V0Y3X8q4Rn29g5cTMR0d8w_aKrJz-P3OyxKC1vspE5qfC3xMSDkpVgpUJaSHaoBEpPY_9aGspEY8Qc8hficixAfNT6JXGQ4zLzXlB1JoTS3Hf8qgZkEIKoRULm-ubcNs4RXGN8QM5_Pdu5AD67tEUmVTryxQ_KgeMkhJhnPrYEQrC8XPApFXLihRI-MfcKmvQg-7ypyuY-ZK2Ca2VSU0BHVREjDAyAEmWXenYAd6Bf2D6Ga7z71q62xA3NhUZ6jTTbhS0kQcOwDTP05-Teg1qT04FLr35KMB3u0TjrCaAy4ulxDvXmS_MKfbjHYTnYoH1ZB0d6cG_6lcl8jiE72uxoKJSYAl5NtmxDdSC9oBhtFUBewRPooRWGctrzY6plX3gTmaqGf44y97rM-Hg0-xY3t3zj08l0a0X6S6BnQPIByfKzveG6rXrWA5AW0Dn8D1bY4xkPcm_y_fafPSnG-cO_UNIrsT3apgfz_FKnG4fAAn9wG2NSjjv_sWivd5JLhYqYeiWCpCFWGClZ3gQpDOAUV9oNK1InOPrdONJTh8k9Y-JcCocPrvPy-5lfTvIR8aQNo4fUZXo9GoH_gx9LaH8O73fQKkv3UFBi8l5xnq2Sb9F8rK07oj6bFtskANa5ZIsCfeopW45l1cxrHWNVBpC-wNQbU5YojceUoyZbcaNLILEEPTwqLg26YBhldJxTGXVqQXLfcvBB_cLgk8dH7VU-0cZnY6T9rLT2W2K5ttN_gm1R3u8t4JFYP_gF0q3cdHIh_z96BCgqcvfMq1v7a6ACOb6LKH5vwWr3MlTXq1PpM1dkz4eKdj2K2vMHorzWSz4PShnRDnnn0bGwZGkv77EkM-zQcCP5HDmcHs3xPXMDqGU4HO1W10yL1hUt8MzwnSZ0x1aCD3X1QT-IYSEjKo3HvQJZXv89znb1Cl3xoTE7gmESbievfNrAupKf6UckyB61uSqsYWHB5Cxthj3sVotqF7PBJ4e5vFRAVOwzXfwvITDxOtYMbAx1TT9dcp04aWG8_oKy1HkcYcfphL7QaNdbCHhPA8sikEDiKRaIGI8Cs6u0r5_kKpJqxMUfuFTz5sHEs3hmk1TDbml9Dbbwvr6vemxI9czIe9qmaqTRHEDyAgi403tAAnB-okZwgil_utEzsnRLuSi4eRFwN9Um-nBHkGBAn8iyYIuH08280mXECbsRXX9heTXX4hJrCoBtomJQgpkNjDiZEVtl6PIJXpLK5Xt4NCPUEpj5UIiswxFW9gi56M0V7bKNsTI8JMP-x6NL2-9ncMqBhPBM8wWzzZocH1YC7V9jnCafmRX-W95132wXMz2a54gufXeHoXPPKeU_PKuQpfsdEz9qme-PPf1KEZfk7hgnbaA6Z6gfZy9kOFDjUcWHm8-iV8Hg_Ep6fmSi_bVWEcHt_fcdO0vSufiGzPQ2LWRoX21P9m2K8PjB-uKGzQ1Q-jQeuZEDP3bXBB5QlqSOUJohJTCj4klnzqNmWKu70kycKk2I3w_HR-j5GHdwvvPArtImA2YzERZ7kneCNEg7Nykt6DX_Bq4Lu8Gw18CMGJxIZoXEnD6y_8JmW5Pd8H_WW4rl6gg93cWAmISgoNuT8eX4QsTpsezYa--AAkVnCHQM2Cy44WKBVFi_gFihI5oSqu2bZl6h6p04WL2OltSPO2XpMAluARbbVHkbQrrjnLubTo1ylw7tleb6RPytVpGAtJ_SRtCN9sYgq11i3R_hfvBpfoJ0UHE5SwT_qkt2rs88ttuhHfonaqmkqfd7gjnnb8Yf1sT-745-mCtRE-WXrFrhrsEiJyk4UqOvK_Bvq285FNFD3I57Kgg-b6oCxcxVsMMwE0e4TwqL6H9YoVbNicau0p_g8iHpEcnkDS-2C8ABaZL-4EhXjRWbSW0dWRFVvYb-_s-jQU-houPS3gtBy81puDh5eB7xCi6cKp-Uc90xZBtLKeNvRQB2q8RSlOqr1b_0y0-gvP4niEHBEQCuMRNIj62Z3fw86Le1kwDgLui5OIFyGVUGBxdWScoDCTgCLEfjCV6vbRxcv8FCs9M_R2zIzBmMeTtFsgx88DExd_9ChteXv04Es-_fAqUH82SjiQUfF1qsdTZEbRTWfCzopozZPQH7f-cQidIub2G8JcXB3_wKewuQFcDDqLiUyRi-s_foecwn73OLL5QCsKdLZANp7rBx4wL8Q1waq5buxY8pe4mMl-CNnTVKmba4AQfLfJkUtqaa560tWvt86H_Nb-XL6kGsAJktfuyyJw5sV0k_9ttENS4NL1KfzCyM3crP3MOJ-rVJfckb2nnKkKyDpCt0b6gIFtghNYR_LI7WXRYaXxPkoP2R7l1Eecr14mxFvh0rLrSSRrEofxVAXCEQ7ro2BJ66O8bxburXC42dwZqUdnJ430pDsOlQkUZFwL2rWerIJxVGCFRff6OivQUg2LA6x-I0yQs8gdXj3fktjARKV11vOs7VD_WaR5fsTjcxEXGjPVKBH4Bt8GrvAr8WwWfFkQKG7UXnpLBp81PiIKWCjvvemLbGlSackndRBtuZwitBHP-S36rAGLQZ-dW5VIPRQ904oeDLX15KxAY5RtgIuYGHQI1l5rZUWmfKdmttf3f_ZE1m8ajNnp9wCF996wbMwdG0bxkV37DPMWQJP1zBEpeaobPWgZs2cnvHJFdG6gt9TyZGhaYYUawK7lFBtzhHsY4pftlP6HQPbYWStmhtjJxrBwWIujE5qYAQAMht1OwD0cQS06RLt2JVY-GvC6S761PpYzCkfzmXC6cFo55hFtVxa27ZZKYQ3bFStR8v8CmLTZTcKCLNv4-ODYPJ6U47BvytDcWr0qkklkwkENIsUIN4MJXNbswx-qpPIRM6yJy1DFLvU665cVnbG1GQtufFa-hTDaz-SNvL_ZTZXskNkCxL1sf-OlGtLcNgYGcmdmMMsmZpuDwS6TIeDlrp800CSq2srdO31qfyzXlCjvW6Gj_eKodEtjBbH-OJfZ02-TqDbN5zRETxjbnk9mtjednAdkp-rF9gnxoC-wQ_pMjIhsuahxJ5NhUZHAsBLT8AWf0fisnswNy2sf-JsVvEODRw9mxQL_DgEfqyrqX_HAxhMl8ks2qwvtW6UcKRRW6CllMgx3ITbPWivAJYnUr1ph1gY86y4GTUksnVC9SdqnQNHUN19nqUGdFet-GdI7VDDXu--a_RLNeTc9FVYp62okLEDhVa749Y0nyXV26uqo3sdP-s3Yq3Bfk0PTHvpSK5sXSg9Z0opjEhUI_cWtLlEu1U8PVCGqwhyrwmT7WFBeCyxGgHad3TiclTjgjQ3mVhzAFMwHdY5liyrn0jEOYmA08onRo1Ru50_U9faVtqQNIcnl2opQ&cid=CAQSTwDICaaNsG6TiADcSpCOZhAFlIQgiBoPV5nNfROqZECE1TZjjJHu6NY1PNDXvQg7oX0v2Uvh_XDw2pBeqSgNvO3zL83CPUMshT3RhK_LjwQYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=508010325822991700&adk=3944675600&idt=56&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 04:49:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
64107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11874
x-xss-protection
0
server
cafe
etag
3876053170955424897
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 04:49:49 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame C168 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Nov 2024 14:44:44 GMT
truncated
/ Frame C168 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
24d130ce4e5cddbd4d545aa58d8e49f1323ef6d0f30e5ac66b49f765be7cf4a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
/
www.googleadservices.com/pagead/ar-adview/ Frame F37B
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CppFG1plWZfXKM4ub9u8PlrKe4A-dkcWwc6bj1eiwEdrZHhABIOGP9QFgldKhgrAHoAG52Iy7AcgBCagDAcgDywSqBIcCT9CctsmmD4HrvAL38bFAgSGpoS85HbjEsiq3fob9iQ_5ymFVy92...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223885439463398319637%22,%22debug_reporting%22:true,%22destination%22:%22https://waldorfastoriamaldives.com%22,%22event_repo...
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223885439463398319637%22,%22debug_reporting%22:true,%22destination%22:%22https://waldorfastoriamaldives.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22392375353%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225394813696724326401%22}&andc=true
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"3885439463398319637","debug_reporting":true,"destination":"https://waldorfastoriamaldives.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["392375353"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"5394813696724326401"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 16 Nov 2023 22:38:16 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"3885439463398319637","debug_reporting":true,"destination":"https://waldorfastoriamaldives.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["392375353"],"4":["11-16"],"6":["true"]},"priority":"500","source_event_id":"5394813696724326401"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 579A 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:01:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
16632
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 18:01:04 GMT
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame 770E 		64 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:29:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
521
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24357
x-xss-protection
0
server
cafe
etag
17020722232796629264
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 23:29:35 GMT
csi
csi.gstatic.com/ Frame 6D48 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lp1rvn0f&chm=1&ctx=2&gqid=1plWZcyANo2-9u8P-M2B-As&qqid=CN6YnufKyYIDFU6jmgodVNEGvQ&met.4=fb.ds~lb.ly~ol.vo~bdt.-16m~bpp.-9i~idt.-9~dtd.-1~dt.-9j&met.3=492.dw_1~555.vg~556.vh_1~113.163_2~112.162_4&met.1=1.lp1rvlud~6.1~7.1~8.1~9.1~10.1~12.3~13.df~14.do~15.dk~16.vg~17.vg~18.vi~19.vi~20.vi~21.vo&met.7=CAUQCBgBKAEw7AM49AhoA3DkA3jJtQKAAZ2zAogB0dEGsAEBuAED~CBcQBhgBIO4DKO4DMLMEOEVokQRwqQR44bUCgAG1swKIAbWzArABAbgBAw~CAkQChgBIO4DKO4DMKIEODRokQRwoAR47kqAAcJIiAHYugGwAQG4AQM~CB4QChgBIO4DKO4DMKkEODpokQRwogR4gAyAAdQJiAGBFbABAbgBAw~CBwQChgBIO4DKO4DMKAEODJQ7wNYkARg-wNokQRwngR4iUWAAd1CiAHwoQGwAQG4AQM~CBwQChgBIO8DKO8DMLcEOEhokQRwswR4_3WAAdNziAHDoQKwAQG4AQM~CCoQChgBIO8DKO8DMLoFOMwBUPUDWLAEYIwEaLAEcIoFeJ-BBIAB8_4DiAGo1AywAQG4AQM~CCgQBRgBIPYDKPYDMIUEOA9o9wNwhAR4vQOAAZEBiAGPAbABAbgBAw~CCgQChgBIPEJKPEJMIMKOBJo8glwgAp40cABgAGlvgGIAf_-A7ABAbgBAw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame 6D48 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=2~lp1rvn1p&chm=1&ctx=2&gqid=1plWZcyANo2-9u8P-M2B-As&qqid=CN6YnufKyYIDFU6jmgodVNEGvQ&met.6=6.1_CgsYgwUgfSoECAcSAA
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6ACA 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=692487048705&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6ACA 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=692487048705&version=m202309260101&ct=77&x=1&cor=11775103312522355000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 6ACA 		20 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dk5Gtfz33hv7J3fiFt74R_Sfpm_CDEiH_KDblpuBAxxfRZlaUGxGbqYs2b3FUPjQ3720Cm5Nw2LKm3L2zhLv6JeZg7r_YMGgUkEbwwfBs1nYmaQ_fjvnxUTJNZYHMXTr1gfwlDc2sVp7mXTN_6M26KLNxb7IGaUXNSY-jBFHnSeDDsZfPXyREpVpHJ0itQx-fz-MkJM8lbGMj6HjfVwb0AuaWyug&cry=1&dbm_d=AKAmf-Ds2oTOMvOk6giasYuDUpCnoFUpO4HhZUxbD6DDikeFuOOLm8Ykp2vDQBreDs_nsB6MAHSrqsc8VJ4dvi-vtDPxG0tz3oTQOA0kRxAKbVE76JWXFbYyDyFK5-VIXY8_8NQOKeA61nC08McKfD0awENJzorWIYhJgFzRP-fuT-unP5TXSThGlfxJcFEXbLdSvZFsvXZPfwmkO331fFebmQd2tFaJHLPrWwozafPRawFlYo2TALV5M4Po3asBPCw3aT8qdXCY0Ydvn4Hm3_vkjfzR_yfcgiuXCH1FqBrCs1vRO5pUXHellgR8ZrVguh0XiIZF-ak4y5HrwUn-uktFICgGYFlkQEbELw7roVCaOSHM3BWwTuGGODQABFNaQGXCv0fw1me9aJT984rLw9dQi35rR83qmVL3TohP0OMiYUpiucEV1Tpszf6-LOwYAquqh63dX7JKM9Rfkrwk8paKKsdMom_xlaCHbTLtPNNVU3MAee_3Xv8ws3e-VKiddImpJ_iTobOjj35mLXbqxT5TwhILrphb6ylhGXbJA1aEpjwaWqPFc7RAbcWHKuqMxDM5Ff9BujN_hZG4uuM4CrNJ-W4lKWwjC_uIXlaZeWS9avNN9__jtaHGKmioSv19oT4Wwv48mbrTimcgOoWJllKcOal_CqUTKI5sQtynvCd5jzv-SLHMFJeUp7ofFwZHFaw-FM4exW0Q8hdslhYpYHtMP9RwWpYvgBh5eWDJbU1x01vBX7mM0-eqi10xo8qN9gUvNelTP99uDDb1jRZ41Pj4VvWRt90vHf_eKtej_EAK9fUrrzQ5J8_Er8SH3K4_FZUAtsZN63cH_-9NpTt61-HQRABLv2npEHTvgT-L9Ico074vC_aj4g8k86maDK6X8U_pe9xLOkwFxPkq2Iti89im70YgORjMMgNEZSUXMBeMJmwEo70wPEHj9i7IblbIBN5Ukjzqs5HSY8_3XPjMO3Ifbc136R1ATkfmI-pEfpEZPVmcKQ0EKd1HC-2k7Al1kFSv1Rn7LVi767eCRAZG-_0CuSPzwa4qrHf9SsGWS13HtULP5EHHtNpYzE2lDk0DmPzr-52rbvAOKDtOpKVPRodSYKfsrAC9FmF26T7PS8b0hFacijN7f6Nqv5v5ZUOXp7YD3IdL2be90w1mUkTOdmmguGV-AuegRaaju--O53VkQrAn5tA9CepQibmdWtVx9ltL5X9NXwvBODmjSP2sVqBHp7IrLLZ6pL564pPHG7c5VqGjTwiHkABzznyKir5R_DaQyesXnnYozTe40-F_xF8UG4VRPkD-1QKBBRvGIbRUqHl2gSbroTzykPzgRWpe36rHkUJ_-K2FTHxbK6ZPwte_3sw36VPl1f5lp5jvg-opjp2NUGKu3e5_Gdztt5El0lNQGQ3XLq1dl4oOJ-6BVNVrqqeQ__Qes88vAMVHN592GYgaI0QwZEC1z_rs4f_PKTBduQ2dGS8jxPeNXoB2U2IcqOAEq8OGDO2XXTHyTK7nysg_i67G1B_JRYs9X-cyVLCy3KThDSWi1xV8-_nDw9iNDGcVIRlci4vJ81W3NfUjTLfo6lYR9jrvujv4ZzV4pgVVCDrka4SK50Ue-EZpVD_NJ__usu2t97b4ClAnG_fdkS-f-TkdDWJep8jfpRu5lF9t0FMyPOFnywNeprM80mOXVrqx3R0aZlRblxfOO_bju2Hx6YUbhPaNnwORPkC-k0XKqA736c8wkgBKrRTeURJPzi5mx4B3OwP7tH29N6G1CmdO3qHZPhZQfP-5oPH2mTukMnevbtr4YIjedAZNt2vi-y227HEkhGbNW0ps6D39zAPHzXLk0Bza8diRBe44KnCz1Vm5z8znQjuW_eSf4BxMWi3sxQHqIQzxKIScjFR4tiIj9r4UOs9HdetQEE1Exv7NN3i4aKA02mvw_wwuClfcjZGw0yHkcU8bUbBu5sTJxWVxqafFsNse-iGxRMMemC1xIJqN3bTQ_cqDIE-pSJdg1uDAdq7n-APIIDV1NmPpnlxJl4BECLIqalh_hLQ7aYkFQSvJsUgOCEnPoWgExAg2ywY-B1_rsKlAcTYo787lwzrsHJE-DnyjhPhxi6hjhAlnY7eXfcN1YlppglyeWtylFxNDje2CfSf-2bXyrd3-70HLH-c4jdronmmpgAhrQQdCTwO1XBpwipBKHWkGa7cT7iKHic8Lqt8MhnBJaxkLA7Gyh2EJJXt-NTSC7syd2vhBtc1wNq8VbOxrOleEqEKJ81x1uF1giFr1k8mY2KOW0tebgKcnZbUePdLZF4eCZ9CpocaGySa3G31Q8Xb2J1KcNpHiJdR52ZnRvz7P-hwZQWscMz0Js1wedgajBLcYdthUq49zgmzgjt9HMJvg3bwKT-6U70EBI0Rk_N2Knwz8UCQyBQyP88ffzZTgiZmxW7BAToRE2rV4t63KI8rCx212Jm_FG65VTMTdvpG9RqcTxpbNWV3ZqvZLtqZTbgzpOLei13Zc3d4UZoiAQJpo13K7R5KZQNyFBWwNhpNtW1X3QHs06nDbcmU3REltPCqlTjL46A2Xx4GNEpIPOAD7yg6kgBsS7jrKXfP2BTBEl_UdZfLDYx-HV09BG_udZwRH8ywj1ES1YbrPW93tqOjm8uSRpW-w4ots-tPYhyUw2A5NPeUggtyCKzRt2QpTh_L-213HK3k99lplWK5fEhKJbxm-lOBM6ScPg1ILJrN0MKVxdHl_5gYZQ2EBGTO0SB_5CLVaA2r0TcGG3dtEiVfDngbnEHANYM2W1e8cvVOaInsYiItG9VSGtWqxvVfdWL1bCODSuqEhBZ0PTyKEljDvwS0RVt_WPRo6ByPQpttzxsPDEg-YuvpvAhjWHM4t2kxcMkoC-b7MfOze97BchNOsrjKUbWkxVxxel_oyiUoohrz8e2ujQy7wXey_IKiNWDD8DpD1MaRt4sxxDaQmBiNIaQ7yEvZCoD3rRuaXHsc4yCAxhupsxBQJ8KsBQzDijEomWEWXR_dURw_E2YkTP0ITy9bczPb15peNuUhwX8Ib3RN26Ge2CoqMJwJRZ-h_35tHZ2wR6PBLsRZMMwdk-6d4t-D0gOpgZKMyxyyp6kzKSYDyaN3Oh4gQpKH-N-f3NI17PyieGnT93ymbS_TlZV7iIX9rCDvSWnmzLUGs_T05iWIbocEWsspJ9-WWOV0ttLcuYU_1ORKa2IXSVmemZeBsDoL8ABgEDXL-xXHjTDG_NwkG0w6g6GC2npbQ0GkvPe5xOBFgMHOROUihR_Nw8vi-nf0sMCXU2urCFGkSBIBgsF68PLQXZr9Nud4QwMlTjdhmM0uVVUIdqVcIfog19uMDhPR4l2j4-a8eQz0dDGAKezZPxcetQEwVFYhmo-BlOH9CgFf3XTRgFEvR7Igr5atw1PoKd0VuETbU4bX4pDpcoYGFbDr40XocaBRciTOrMs4RXpjQHYYdUvtuXk4g74bdYQgAeoXUbMWB_4SyR6Vi7cctbG76pmS26IO5P8z6jf0JEeAdSxnberZHRY5xiz7ZaYJfyNgQX0IOOSyvY__nd8LwIco6HB-ycPufg_4-1w0XXUtpOvWsK05OREJpRT2IH8pt_yVBBnahOtr8AC2WWKqxTAbzWHI290EjOj79VVrNGyU7uMxe2R3lnamZXQ7n8VWue2wxW6TibpqS7C6ufm0vy4-oyLmKitI56i_cVGIB1_UBQq6wd--JQndzHNVLd9GZsC84h4oQYjycNAoc-WRXNwIcF4dFEqJWHUvadgv5uniOQNpGiuPAGe1CKpGlhHdppXM72vfDY-uBxNuZAeh0Gq3vWXXMGWYxOfSOFLFJf6Tle1l1_rC7J3nob3ZwYuTBabas4rd2CE9_u9ln2pOEdYeNZA7u1D8lEq4zyvIlCCXPmwDD1nt5Cn89hoOEY_5F8ggMyCYe8rHck-NA9zE6WNYf-Ge-tip7hIyKwiFw3W_aZhCs4JCqzGvISSIE4XGMalI187LEShVoB0YGRT_hDPZaslEs-8JWF_jhhoGOTT1bYDFEzzShLEfHFqkrTURHq9wi8Gl7XSKQYNFid5jxS3vz0RoECM6sfIQud-eHH9ZrwvH-MkGN&cid=CAQSTgDICaaN8XoIEfLE1Q6V3pqJmkSJ3GtjNO9jDrijuvotMY7_X5e-6p5Uxn8_nOgh4mshg_As4ClZxxEeRoGoVF_lsgk5SRiu09qe8nRPvhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=11775103312522355000&adk=3430571818&idt=41&cac=0&dtd=3
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
34a26332340371e7b012780d8786e4efd93f3b24c70db3a284ce3e2d9ca46be9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14019
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 8ED5 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
28411
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 14:44:45 GMT
expires
Fri, 15 Nov 2024 14:44:45 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/17425118478164857034/ Frame 9173 		144 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1c38c9c0ad13cfe2d9e7eafb46ae69f40fa031efce5570266087babf59a7660
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
255710
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
23058
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 13 Nov 2023 23:36:26 GMT
expires
Tue, 12 Nov 2024 23:36:26 GMT
last-modified
Thu, 24 Feb 2022 10:20:47 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame B338 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsszkmbCqQhE8FySTd6KlEcvTKxKs4jEz0d2Nt0YNvaHxaI4w-JiZsFgW-zEph70MVB_8mOj-XX7uqAShOOfAHDU5VP1wFYloD-qrtD1mwFIjrru4B1vbDU2n6aIPDhFFg21wYS3hsOUy612HGO-2dHOZCYXOUVar_uWYljNyoZpm_5XKwSVzhC-Wv0dwgfIRePrDBCxuSbIuUbugfrAUjMPizcWXX0_hlRigA2vJUG0Z8mpFTCEjytaUB6aAvnw0uWM5649_gaKgxcNl_hCXsePgzs8TsT5O29I8MD-pYFM4k083vV9Vo9HVacDxyHfMqMUylAtRJdlZQnTOM5q_X2TIslQkfHvCDekoElwYg1Trc769H5x4yAGt7Guv10vQWzF7P7Fyhkk-xVs4sug0qfLHkbGECzlsi4je1OzwqY6tluIzrXmk4_fvia0Yu4_tGoOP-wF5ktuI8kyZzYQAPRqYVCrXLtao-gtugkagcRbzPs_0CvyO4fk2tE55ZlanTS7gCmRxV-0WhLDTu-bf_7TJqnziPHSYcdSZHNXbD1kq5Q25VU1CGBP-dSzzex7Sq1MNYgynicbVI3IT9WyKaps8kp2nVcXfYgfxMo231XB7qMoD-_XyLGd_sB6g8W9EVfWXK8RRqsU3mhi1KsOGc4k29ukshKCZXRBV0CndHrERPTGKd44UD1_jiRnk8W-qwRpHvsl35sLOzz8aPz_lBjcUhLj4wR0pPMI7f7nBv0z2KutmRloe4ZRRgY2bGXpf046B29zYwDOJyVeZdmJxLEHoEeX-1mQt80ffAtKbzkCfllkzKLbesmk6CMw3FSANFfId2p4uU_5Yg6PTTSC7MAxeFdycMQ8BMRb2noxxNP8F6Mt_SJT1livMrZbln1fUXxaey7iW1LnDBtZEzVjrtftYL8loLrsp52VkF3dDZZQ_VEdPBQ1dBS1mGslriYoMVjA0yWEs35-7V4qGppb8KzDKMhDsL4BiCqJ-3jtmDzqCw4ka_M7TKli50E3H7VLtrqZCpxvvnoo1Wy_Gjex3ZufKYvjvjVE-vxcqedZPrS3eKckXAX4qyOQ_FD4tbTEboemo9pogeVS2OPUCpAAAgCoehsArvhyVlQa1J1VkBm2tvtmz8RIp7pqsHKzLAozgdQoQeKOpu2kz-jWPFptJ2glm2ovdoaZrHMHT4d_1TVk59_Mnh3Fp0rD0rplQgggWAMj9ABGAgg18rULqQRifcfE2JkBll_C3B-fVEhEY3beNH4VauVWjFQ5_xWTDGzbk4XMGX57RAZ-11jdN1ZbQby5F6l6avvIpFwHcCiFWT9qjxd-bkgeLDrlQRqwemnwz8Ar4JVeBEv2PSRndwpvarw8Y5YXnrIGuhCD76Txn7kVBaqB0xhYNhrBpxMPpSxQiM5XBsc-UYvHgBQbrm0jbrVXR4dNkcEGpFagoxj8HDnBlrQErBeCU9nLEFTaFnJrjPw9HLZkO3elx-FO-tXHvzo&sai=AMfl-YRMmt1GkG-o2n4qOh-9ybFlZaxWHaWCf7grBbYA2ubrm66n3T58KkZbVgTpmAb5pSWptTZ9xeOm8YJzy2Bt8jbvzXquV4BbXNpRgNpljj8pvY5HG0IfET-O5WpSasMua7kZeeWDgnO4pr72bbhiw4PvUSA8xqk2OTM56HcbFjRT8HVU8iewrIho-W8eT-HFuky9RNA6Vx59WFkBdYzZVfcaqY0kjbMyIh3yFu2DICgobbohZSKd81Sejux8fAPXJ6YeUPlDomA8EiALl8nR2lcqE_7TewTKb-2LUKkhtlkE45Z1m6WxF6-0cTrtdA&sig=Cg0ArKJSzL4kqBu72JltEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=313&cbvp=1&cstd=311&cisv=r20231109.49751&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
content-type
image/gif
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js
pagead2.googlesyndication.com/bg/ Frame 30BB 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2202d272a7623a0f20d055bae57feefb858a3352833ea36fcc438a895857d307
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 21:40:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
176263
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15051
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 13 Nov 2024 21:40:33 GMT
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame F37B 		64 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=1035218292&adf=147043666&pi=t.ma~as.6384904019&w=1200&lmt=1700174294&rafmt=12&format=1200x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294525&bpp=1&bdt=1189&idt=289&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=294
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:29:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
521
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24357
x-xss-protection
0
server
cafe
etag
17020722232796629264
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 23:29:35 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 6139 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
28411
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 14:44:45 GMT
expires
Fri, 15 Nov 2024 14:44:45 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
4.js
static.adsafeprotected.com/ Frame B338
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/990511/61634099/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-4191647241486880&ias_chanId=1&ias_placementId=20343400544&bidurl=https://wwwproxy.uscho.co...
  • https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_15lWZZuAMpm99u8P1oqZ0A0&cbFunctionName=goog_wrapCb_15lWZZuAMpm99u8P1oqZ0A0&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpass...
1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_15lWZZuAMpm99u8P1oqZ0A0&cbFunctionName=goog_wrapCb_15lWZZuAMpm99u8P1oqZ0A0&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H2
Server
2600:9000:2190:e800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 22:15:34 GMT
x-amz-version-id
5yD0MD0xvY5qMDPlbaeccRZIQga4BLlQ
content-encoding
gzip
via
1.1 a2037d86ccb1a548f20827ebd95a65f2.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
age
260563
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Mon, 13 Nov 2023 22:15:32 GMT
server
AmazonS3
etag
W/"33dffa7df253125904b2f354b5bb5e8d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
VJDiPT4Tfe6DuWoE9X2S1tB6fFEBvlKocNIGoF_teB88RMifFSTTdw==

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
server
nginx
x-server-name
app02.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_15lWZZuAMpm99u8P1oqZ0A0&cbFunctionName=goog_wrapCb_15lWZZuAMpm99u8P1oqZ0A0&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame 46FD 		91 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:e800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 24 Nov 2022 00:35:59 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
via
1.1 a2037d86ccb1a548f20827ebd95a65f2.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
age
30924138
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
93606
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
"1f3488247c90bb5de253d3d0cb3b7458"
content-type
application/javascript
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
nblpvm7ZWe3shF70yMiQsBctX9V_WnWk01eQ67yllOtgKwpdPQnLvQ==
4.js
static.adsafeprotected.com/ Frame 2CE1
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/990511/61634099/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-4191647241486880&ias_chanId=1&ias_placementId=20343400544&bidurl=https://wwwproxy.uscho.co...
  • https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_15lWZbOUMoe69u8PiMOm2AU&cbFunctionName=goog_wrapCb_15lWZbOUMoe69u8PiMOm2AU&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpass...
1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_15lWZbOUMoe69u8PiMOm2AU&cbFunctionName=goog_wrapCb_15lWZbOUMoe69u8PiMOm2AU&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H2
Server
2600:9000:2190:e800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 22:15:34 GMT
x-amz-version-id
5yD0MD0xvY5qMDPlbaeccRZIQga4BLlQ
content-encoding
gzip
via
1.1 a2037d86ccb1a548f20827ebd95a65f2.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
age
260563
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Mon, 13 Nov 2023 22:15:32 GMT
server
AmazonS3
etag
W/"33dffa7df253125904b2f354b5bb5e8d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
sOI6IERXAlczxIW99ECjAz8H1zZ8D3bHsJkIt2AzRD7N06ZDF2bnPw==

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
server
nginx
x-server-name
app01.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_15lWZbOUMoe69u8PiMOm2AU&cbFunctionName=goog_wrapCb_15lWZbOUMoe69u8PiMOm2AU&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame B103 		91 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:e800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 24 Nov 2022 00:35:59 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
via
1.1 a2037d86ccb1a548f20827ebd95a65f2.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
age
30924138
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
93606
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
"1f3488247c90bb5de253d3d0cb3b7458"
content-type
application/javascript
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
MbzGZvZvKPBdt28PhRZvlKSUtTr9IAinEP8pYYaaGHBfZYd7qOtAoQ==
request.php
hal900019.redintelligence.net/ Frame D543
Redirect Chain
  • https://hal900019.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=8e84cfde40&subid=&uid=cf71f4426aaba54c&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
  • https://hal900019.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=8e84cfde40&subid=&uid=cf71f4426aaba54c&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900019.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=8e84cfde40&subid=&uid=cf71f4426aaba54c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvXvm15lWZfPGCNHU6gSF2LmICKblvaBpvZOcp8kP8C4QASDhj_UBYJXSoYKwB8gBCakCSyvHseQ4sj6oAwHIA5sEqgSjAk_QEVPID77Q78eR_spigPTyyhXjIXNli2uUvxvXs9AbVql8f2kmLDNufr1bXfmtv-mLc733UDplZT0aZREdEbnHlbU2p3X0Yt9DsN8lgRldKr1qyH-tRJ7irgfYsG7N-ziod7j1i_Bnulke7Il6jaPx7l8lSK5ibXnkJGyWZK7TiLiKbjhj2mAuFiLhZ2zXG0V0PQzHlx4ksfmPjEws2_NcfKOEQsmgIyhRvhGM8STH1ias60B-bW0D6k-mSj_U1SnOowLCx4cNcysUfHRaigElSuWXffBVRKGTDQOIo4rFmWwNUueczGmrKeHeTvMk0Rxxfvb8x42Lq0ROVXe1dgjRQ0AP4icc6BksROS4zKWiLMxg9DUSj9Z0qjgO_Q-xkeezl8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaN2L9FsvdcBiEFjVnfExtDVPdZbzFlTL6bchHkv6J9tiXv7aAwm0r6I9dEkBEh9hiE9iwSP8T9peWC4CNIMLEX9zrGuqsEt5ndZWAYAQ%26sig%3DAOD64_1CFF4rQMeD-rfA1trzQt1cZZHvZg%26client%3Dca-pub-4191647241486880%26dbm_c%3DAKAmf-AHcI0_4a0Ky2mraMvi71o7l6-xcdp51bO3GIQAYTtV-o5JT4rvZFQv0qGZ6MhbSiFvKlfVZJI5f-ZPuOlrw_jsAK2LL6-6s4t01zPR5BSjaWmducWLIrjCoZA3IThS_3mPVWQH_5B0RcY1JMD7jsNA3tCZxQ3lgtDc4K4ooyyfOLKCH88%26cry%3D1%26dbm_d%3DAKAmf-Dpq060XmH6F_hrPDDV5MOBFjwwa6-68vzUIUdRs-B0ODtO6L1yhphrgmIyrs-7oHXTs7xu0uO8C4ocb7CiYkNYX4kqE1x8U8QtDyfBltfe2zG_1cdogoFLEb8ic7fVQnUAAs5KKba9rb8_05TrhBi8B7_dghXX6KBq5FsRbTcoCQbTmPjBZ_0TwOFnjY9CKvgtCEIXnzfCXNJzTErp-eeMyxfvwLde5ZjVY5LUd5pFywJ7nGds1TTUdaknL3nw3wqTqHlxAySZFekkbevSgkiFn-2Eo_dhH5cy-OkCaw103wa7puxKcmF1HWD0BltMflp-PVEPdNWICUVzNfR2HorE67k-emZMA3a78af2qLuvWeG5f7Hpn7tYha_Wk4N7ldYKH-fYK0tu9S5UzKyxQJXryNcxoP3WUCxZ7MSwQF2dZci3l-NhxyQ8VKGsrh0cCjsli6TQOPNbG3qXuhqhpYhs5LR6XV9OL-Bl8Juf41eFfif_2Rv7wLlz-pZLRYJRLS_z3J-Emfz_kELZE4owpQ-7vXD40SmzHl83P3TjGOWhuxO8QLY%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4191647241486880%26output%3Dhtml%26h%3D280%26slotname%3D6384904019%26adk%3D44889110%26adf%3D2185445919%26pi%3Dt.ma~as.6384904019%26w%3D650%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1700174295%26rafmt%3D1%26format%3D650x280%26url%3Dhttps%253A%252F%252Fwwwproxy.uscho.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700174294529%26bpp%3D2%26bdt%3D1194%26idt%3D569%26shv%3Dr20231109%26mjsv%3Dm202311090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C1200x280%252C300x250%252C300x250%252C300x600%252C300x600%252C300x600%26nras%3D1%26correlator%3D2280687409296%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D2044206632.1700174295%26ga_sid%3D1700174295%26ga_hid%3D1637000408%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D475%26ady%3D3180%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079606%252C31078301%252C44807764%252C44808149%252C44808285%252C44809057%252C44809072%252C31061691%252C31061693%26oid%3D2%26pvsid%3D3975831450135493%26tmod%3D577653650%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D8%26uci%3Da!8%26btvi%3D5%26fsb%3D1%26dtd%3D572&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwwwproxy.uscho.com&random=5190365328743&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
HTTP/1.1
Server
78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.238.90.46.78.clients.your-server.de
Software
Apache /
Resource Hash
7d6fa469121a0362e33a5e0ddf964197b101adcbfa65bc22d0fe6dced8d68172

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 22:38:16 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type
application/x-javascript; charset=utf-8
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
56038700178904204444994012510019
Connection
close
Content-Length
1138
Expires
Thu, 16 Nov 2023 22:38:16 +0100

Redirect headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 22:38:16 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=8e84cfde40&subid=&uid=cf71f4426aaba54c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvXvm15lWZfPGCNHU6gSF2LmICKblvaBpvZOcp8kP8C4QASDhj_UBYJXSoYKwB8gBCakCSyvHseQ4sj6oAwHIA5sEqgSjAk_QEVPID77Q78eR_spigPTyyhXjIXNli2uUvxvXs9AbVql8f2kmLDNufr1bXfmtv-mLc733UDplZT0aZREdEbnHlbU2p3X0Yt9DsN8lgRldKr1qyH-tRJ7irgfYsG7N-ziod7j1i_Bnulke7Il6jaPx7l8lSK5ibXnkJGyWZK7TiLiKbjhj2mAuFiLhZ2zXG0V0PQzHlx4ksfmPjEws2_NcfKOEQsmgIyhRvhGM8STH1ias60B-bW0D6k-mSj_U1SnOowLCx4cNcysUfHRaigElSuWXffBVRKGTDQOIo4rFmWwNUueczGmrKeHeTvMk0Rxxfvb8x42Lq0ROVXe1dgjRQ0AP4icc6BksROS4zKWiLMxg9DUSj9Z0qjgO_Q-xkeezl8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaN2L9FsvdcBiEFjVnfExtDVPdZbzFlTL6bchHkv6J9tiXv7aAwm0r6I9dEkBEh9hiE9iwSP8T9peWC4CNIMLEX9zrGuqsEt5ndZWAYAQ%26sig%3DAOD64_1CFF4rQMeD-rfA1trzQt1cZZHvZg%26client%3Dca-pub-4191647241486880%26dbm_c%3DAKAmf-AHcI0_4a0Ky2mraMvi71o7l6-xcdp51bO3GIQAYTtV-o5JT4rvZFQv0qGZ6MhbSiFvKlfVZJI5f-ZPuOlrw_jsAK2LL6-6s4t01zPR5BSjaWmducWLIrjCoZA3IThS_3mPVWQH_5B0RcY1JMD7jsNA3tCZxQ3lgtDc4K4ooyyfOLKCH88%26cry%3D1%26dbm_d%3DAKAmf-Dpq060XmH6F_hrPDDV5MOBFjwwa6-68vzUIUdRs-B0ODtO6L1yhphrgmIyrs-7oHXTs7xu0uO8C4ocb7CiYkNYX4kqE1x8U8QtDyfBltfe2zG_1cdogoFLEb8ic7fVQnUAAs5KKba9rb8_05TrhBi8B7_dghXX6KBq5FsRbTcoCQbTmPjBZ_0TwOFnjY9CKvgtCEIXnzfCXNJzTErp-eeMyxfvwLde5ZjVY5LUd5pFywJ7nGds1TTUdaknL3nw3wqTqHlxAySZFekkbevSgkiFn-2Eo_dhH5cy-OkCaw103wa7puxKcmF1HWD0BltMflp-PVEPdNWICUVzNfR2HorE67k-emZMA3a78af2qLuvWeG5f7Hpn7tYha_Wk4N7ldYKH-fYK0tu9S5UzKyxQJXryNcxoP3WUCxZ7MSwQF2dZci3l-NhxyQ8VKGsrh0cCjsli6TQOPNbG3qXuhqhpYhs5LR6XV9OL-Bl8Juf41eFfif_2Rv7wLlz-pZLRYJRLS_z3J-Emfz_kELZE4owpQ-7vXD40SmzHl83P3TjGOWhuxO8QLY%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4191647241486880%26output%3Dhtml%26h%3D280%26slotname%3D6384904019%26adk%3D44889110%26adf%3D2185445919%26pi%3Dt.ma~as.6384904019%26w%3D650%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1700174295%26rafmt%3D1%26format%3D650x280%26url%3Dhttps%253A%252F%252Fwwwproxy.uscho.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700174294529%26bpp%3D2%26bdt%3D1194%26idt%3D569%26shv%3Dr20231109%26mjsv%3Dm202311090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C1200x280%252C300x250%252C300x250%252C300x600%252C300x600%252C300x600%26nras%3D1%26correlator%3D2280687409296%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D2044206632.1700174295%26ga_sid%3D1700174295%26ga_hid%3D1637000408%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D475%26ady%3D3180%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079606%252C31078301%252C44807764%252C44808149%252C44808285%252C44809057%252C44809072%252C31061691%252C31061693%26oid%3D2%26pvsid%3D3975831450135493%26tmod%3D577653650%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D8%26uci%3Da!8%26btvi%3D5%26fsb%3D1%26dtd%3D572&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwwwproxy.uscho.com&random=5190365328743&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Length
0
Expires
Thu, 16 Nov 2023 22:38:16 +0100
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame D397 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Nov 2024 14:44:44 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDE3NDI5NjMxNTY2MgogIHNlcnZlcl9pcDogMTI2MDYwMjM2CiAgcHJvY2Vzc19pZDogNzU1Njg1NDYzCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQz...
ad.doubleclick.net/ddm/activity/ Frame D397 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDE3NDI5NjMxNTY2MgogIHNlcnZlcl9pcDogMTI2MDYwMjM2CiAgcHJvY2Vzc19pZDogNzU1Njg1NDYzCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQzCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0Igp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDExNzk3MTA1NjY1MjE3MjE3NzE1CmRlYnVnX2tleTogMTM2MjU3NTc1MTY0ODU5NTY1MwppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjMtMTEtMTYiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjE3NTg5OQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjA3MDY3CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9hZC1zcnYubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8va2xpY2std2VsdC5kZSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo
Requested by
Host: 5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
URL: https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xf592583487e57c4e0000000000000000","13":"0xf2270847e08a2b9e0000000000000000","14":"0x39eeffef3053d3b50000000000000000","15":"0x406119fd8722ec540000000000000000"},"debug_key":"1362575751648595653","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"11797105665217217715"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 790F 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
28411
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 14:44:45 GMT
expires
Fri, 15 Nov 2024 14:44:45 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/17425118478164857034/ Frame 73DE 		144 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1c38c9c0ad13cfe2d9e7eafb46ae69f40fa031efce5570266087babf59a7660
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
255710
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
23058
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 13 Nov 2023 23:36:26 GMT
expires
Tue, 12 Nov 2024 23:36:26 GMT
last-modified
Thu, 24 Feb 2022 10:20:47 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 2CE1 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsssi_GRduVAEkV_i_nC81Z48Bcke14TncU6_DO04ksHRtnWwJ_gOoO6qg2axQpJrTi0-_5OrqAog4jFnnQihjT90VtLfFkaxnENankACooL17XuE8FqaswUzWzRW3QaIVPFNvWCHY6WRYQ9DX4Hg-b8B3X4oN9XYcScr7G1bOWGdTBGNWTiBI-fKqevJuR9Tuc-beeDatdwonMPHe8WMDEjYYd8_poozwS6nY-tGkk3dtmSubEjsESLHVGmjiLnTaftFeJjPa-9YsMP6L0McRbPsl9LYNVf8uN8DvudJklkp4VlQGuynFKQ0BmmC5TM-7DT-l3Kv_9KqhjHe-EpFFa61GDY3K8n6IlYBmYqKt3wTPwVHG4C3StX7jHJBkS0Fc5FC0gRnX-1nPqARlcOjlHsdNyWPoceiUstp6QHW1lasutxJ3mYwKl8fYXsoK4nVOasrkCc2GMD0J9LzMGvW0wIgm5NqUzLS1RtEHPQAw8ZeW2_Nks9_FOHBNOv1c4QmhA5JfQ-ZZhJ5SGQWIvLE6yKfuyTCmR_9fyqm0SmoARsf401lv9plnZVZ_XY_Lic69To2rsDrFRMrXt_a5L-Cj27N7umHtEdG5zPLCBbqe3xy_wBhMbhV6weThujFOE-qZFdsp50cCP_n7K1e8jaYM_6A_YgSah2zoO24tv9evM2WGhcuqsrGrRIlqhLGFY21UrGuPQJ_NfSO8_5rYBNOA3UYKtl_4HUjGn2f4m-OPfsLZalOn5KakEW1zsA7cel70Vmv4q7SqHYFYE9NbzzqWdjF2aaSF9ACf4MR1sBx7b2gkIMrzKLhMZwSf-PPsvPxwR4oWUz0cNrdoc4ZMOqebdoEFBmYuNtCTrvlUECdyTvwNrTmFiw7AZMT2U5W5h1JcB8wWTjmryfxUZgWYVG2--xFGZz2zGq3WZiv9EzURoJwODAaI2ePfGFFof6knTYpW5EXDXFC9-rUg0Gb097kNtNupYuBfHrE5GHC27-9WOFv93KesuMaV9CmC0sQXXucfExv2puEPi3q5IDVBkpZPn0CPZq0vypZnEgWgpR5cSWouDokVjloficFyVlVzG7xoXf6RgUGrmajncMwZAleC6QYRJSCu7QIyCMBsKFMKw6-IW0I1-D-bayLYESGlAv5HSdaz3fHtk60XZbn_Y07XD-xvYO2VWetNwGM2UKxHF56wrEVzZwbbw-i8O2AX34Oz_y_zy_e93-OiB7Rpid6OAMzx10yWInjGViLLowmGlqh_koKiXPEB4EXEsf6Tc9pWrXOQ0bTLTxYdAbv3a-BVFvFCZ_DjfFVlrsp-Za_E_D0g83wvjMmHRByktucfnO0jmMQt6x9Whc4DmcAHlCz4fESopR4fpdMd_3FukFhvnUD21Yv6s-Xe5n01wc1LFhaRLYmLtYW4Zzmi4Odqwhtqla7x4eaIBO42jCxFmIt7mdCCosYmc5IYPsB1IdalbOg6FNBWCmPwrbRjXjvaSuiCE&sai=AMfl-YQ9sPjhxFpRZt6BlGz4OKO_TCQiKJEahUE7YwJAw4FZSXOf8d24jmGQBoo73Hs-ucQl9awq7JEWNcM8_1VI_9BHIJE9hnWxQdvKS0N7774Gj8yH5BJdpJRUPpebway55P-kMEE2ipUFOi3_TStEQjQzekyZR6TLn5t0YFEIIsgxjQQJsxAnbiYMRQ7bRQeavY28jovtTTUqX2FZee3VSFRCVD91Rz8pWm68_JEnPWM-k9dQJlK3SSC8335MX4TpqqXv5NPC1G8jPoj4BlhwabFDgJeNIVjTislWfsH_XJm1RxTcqZYIuvPiQ5PmjA&sig=Cg0ArKJSzJm7LUoZrRhbEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=432&cbvp=1&cstd=430&cisv=r20231109.42297&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
content-type
image/gif
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
DcmEnabler_01_247.js
s0.2mdn.net/879366/ Frame 9173 		29 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 05:33:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61496
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10136
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Nov 2023 05:33:20 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223885439463398319637%22,%22debug_reporting%22:true,%22destination%22:%22https://waldorfastoriamaldives.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22392375353%22],%224%22:[%2211-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225394813696724326401%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 22:38:16 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
csi
csi.gstatic.com/ Frame FF85 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lp1rvn3e&chm=1&ctx=2&gqid=1plWZbWbOoK39u8P9KWY2Ac&qqid=CJafoufKyYIDFeLUOwIdxA4CmQ&met.4=fb.eh~lb.qu~ol.yo~bdt.-18k~bpp.-bf~idt.-5~dtd.-1~dt.-bg&met.3=374.sf~113.174_1~112.174_2&met.1=1.lp1rvlwb~6.0~7.0~8.0~9.0~10.0~12.1~13.cj~14.d0~15.dv~16.wd~17.wd~18.we~19.yo~20.yo~21.yo&met.7=CAUQCBgBMNQDOOAJaAFwwwN48t4CgAHG3AKIAYH5BbABAbgBAw~CBwQBhgBIPgDKPgDMKwEODVo-wNwrAR41gKAASqIASqwAQG4AQM~CB4QChgBIPgDKPgDMIoEOBJo-wNwiQR4gAyAAdQJiAGBFbABAbgBAw~CBwQChgBIPgDKPgDMIkEOBFo-wNwhwR4iUWAAd1CiAHwoQGwAQG4AQM~CCoQChgBIPgDKPgDMJwFOKQBaPsDcPUEeJ-BBIAB8_4DiAGo1AywAQG4AQM~CCgQBRgBIIoEKIoEMLEEOCdoiwRwsAR4igSAAd4BiAHwBLABAbgBAw~CAkQChgBII8EKI8EMJ8EOBBokARwngR47kqAAcJIiAHYugGwAQG4AQM~CBwQChgBII8EKI8EMKAEOBFokARwnwR4qxqAAf8XiAHoO7ABAbgBAw~CBsQBBgBIJEEKJEEMM8EOD1okwRwzQR4rAKwAQG4AQM~CCcQChgBIJIEKJIEMKEEOBBokwRwoAR4nW-AAfFsiAHpyQKwAQG4AQM~CCkQBhgBIJIEKJIEMOcEOFVQkwRYtgRgoARotwRwxQR4ldUIgAHp0giIAenSCLABAbgBAw~CBsQBBgBIO0FKO0FMK4GOEFo7gVwrgZ4rAKwAQG4AQM~CCcQBRgBIKMHKKMHMLQHOBFopQdwsgd4oWiAAfVliAH-sAKwAQG4AQM~CCgQChgBILYKKLYKMMgKOBNouQpwxgp40cABgAGlvgGIAf_-A7ABAbgBAw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame B338 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=8fda29e4-8b7b-9a3b-8529-f9099e249d77&tv=%7Bc:ub0IKd,pingTime:-3,time:165,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:600,t:41%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:165,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:41,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B157~0%5D,as:%5B157~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tVOC5as+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a1%7C1b%7C1c*.990511-61634099%7C1c1%7C1c2%7C1c3%7C1d1%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1c*,rmeas:1,rend:0,renddet:DIV,siq:43%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
server
nginx
x-server-name
dt14.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame B338 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=8fda29e4-8b7b-9a3b-8529-f9099e249d77&tv=%7Bc:ub0IKf,pingTime:-6,time:167,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:167,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:41,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B158~0%5D,as:%5B158~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tVOC5as+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a1%7C1b%7C1c*.990511-61634099%7C1c1%7C1c2%7C1c3%7C1d1%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1c*,rmeas:1,rend:0,renddet:DIV,siq:43%7D&tpiLookup=ao:wwwproxy.uscho.com*&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
server
nginx
x-server-name
dt16.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
csi
csi.gstatic.com/ Frame 6D48 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=3~lp1rvn1q&chm=1&ctx=2&gqid=1plWZcyANo2-9u8P-M2B-As&qqid=CN6YnufKyYIDFU6jmgodVNEGvQ&met.6=6.1_CgsY2AwgPCoECAgSAA
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=5~lp1rvmg0&c=3975831450135493&e=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C31061691%2C31061693&ctx=1&met.6=6.1_CgsY_h4gPCoECAgSAA&qqid.2=CMyauefKyYIDFR7huwgdYP8GVA
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame 2CE1 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=8e38dd9e-d96f-1a1d-b850-f65ba9af288d&tv=%7Bc:ub0IKm,pingTime:-3,time:113,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:16%7D,%7Br:r,w:300,h:600,t:110%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:113,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B108~0%5D,as:%5B105~0.0,3~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tVOC5as+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a1%7C1b%7C1c.990511-61634099%7C1c1%7C1c2%7C1c3%7C1c4%7C1d*.990511-61634099%7C1d1%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1d*,rmeas:1,rend:0,renddet:svg.us,siq:17%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
server
nginx
x-server-name
dt24.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 2CE1 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=8e38dd9e-d96f-1a1d-b850-f65ba9af288d&tv=%7Bc:ub0IKn,pingTime:-6,time:114,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:114,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B109~0%5D,as:%5B105~0.0,4~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tVOC5as+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a1%7C1b%7C1c.990511-61634099%7C1c1%7C1c2%7C1c3%7C1c4%7C1d*.990511-61634099%7C1d1%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1d*,rmeas:1,rend:0,renddet:svg.us,siq:17%7D&tpiLookup=ao:wwwproxy.uscho.com*&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
server
nginx
x-server-name
dt23.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
iju9wczm8trb
hal9000.redintelligence.net/zone/ Frame D397 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1700174295354700&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCudPu15lWZYzTFZ7C7_UP4P6boAWm5b2gaa2VnKfJD_AuEAEgsMjAIWCV0qGCsAfIAQmpAp-bbFKUM7I-qAMByAObBKoEsQJP0Kr5Y8tvTgAN-vmMdjmkddqNesNaJSr8Ws4vXHDlxHtpPCh7kXBITRne-_aVejE-xFtKdbfYmZf2UxrqLPdmfANHyoVriENs2Y73Jhz5GzOLFKByG4X7rK36bR-NdwOSaEIr7nn3iU2GjScJkILeObVDJ61gk4nc1a0foOyF0KVEJlqQf5_n7Mkqf05QnXccCZ7IshKhjn3ttnpYE90Y8p3BOaR_I_LoKODY7Kzj8nuUdElRTi5Vt7bGiitrUVkDxK6xw1TaSTBRTlky6waEjQrR2aeAbsxDE96c1qTfDBMQj6hqbnUfJ1msnFClhRdzWQXYR63CTQUAllK-Rv_ZqVO_kEZB_y4ztee80Dzv38z9rJisig7cXj2Dr65YLY9dwNkfwPb22ohSTAFyvuH6u8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJEReINEwiFpqbnysmCAxUe4bsIHWD_BlSwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNQI2CWfzrha5lUseqemBWCVbBjVHLChtPIMDgi4Q-oooDU-Q3ClGhYWGw45pjJOUJcDD-9KjxF4RE4kW1hD7ZVbXdUdeTd11TVXYYAQ%26sig%3DAOD64_176092UpDi2XI7qGkEHtSvVkQp1A%26client%3Dca-pub-2697679518515886%26dbm_c%3DAKAmf-DvRJ1g5MGIdSd-a3ykyOZwQNy76-_FTIECfQOlF5-98WHu3fDmFSHVOAwJTxW8PVd6LprGdjDj2_yhhoceFZD3GWYPVhbOVHd-eTVpRLw2mVe6zTs7LtbKUasmB706_AbPY8Typ_DSTpeJcfhAvoxjZjqWCugDxGCO6OjkCKtbdo1xtbY%26cry%3D1%26dbm_d%3DAKAmf-BNxRu0b9DKjIY0mKfwRtIIzdH0Wxh6PplcpDeGzXqyQGC8Xl74iNPlLLvRyzDhanXZ_G0Q9xGvvcimtIXWJ5GVqZGMI2Zo5oxxWpmuGT0NGhkngY3Grcw0DiA6vLUft8Xtls7lQXAPnKPr_q4yGg9X_u2IiXmw8ESqbgVYtTXkZVoeLxso5eJIZbwq_Ixoe7VtgwROb0YYylhbmeB0dq2Kqv73EXgDggtIm9Dwk3kQke_U9auCQxq5W5jh9LBOVZhLS7bm-Zp1V3w5McmdItDz86ECh40sC2XgoDGg2MSj3SlS0RYmID3J-v1htFL3WOdQK5Y9B_JJSjWJ4vzJCSQGpYXQG1GgJRndFYX32uFZSC3ePjX9uWAy173B65wjKZYN1uDcIITVlNK-99CgfzwJokz6YhRZp7UBFk3kV9Mcs4uK1KHuabf2QYCXN0yX1KqlMx98AjuWtYFOuW_jiq-STdkkxOL1G_-qKGgKtzXTK8Wyn7t3zrLMF47yGDx7neeud-Dc875hjvunKcQucnGJ1rHjw7TuSlUc4i7Z2wsSxI6ftWA%26adurl%3D
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.38.64.201.138.clients.your-server.de
Software
Apache /
Resource Hash
8a656aa70be9cce33592b105a90fbf22bf5667a2e8000cb081d9d9cc36d1cf27

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:16 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
4266
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
4.js
static.adsafeprotected.com/ Frame C168
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/990511/61634099/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-4191647241486880&ias_chanId=1&ias_placementId=20343400544&bidurl=https://wwwproxy.uscho.co...
  • https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_2JlWZeLmBISS9u8Pmv-JiA4&cbFunctionName=goog_wrapCb_2JlWZeLmBISS9u8Pmv-JiA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpass...
1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_2JlWZeLmBISS9u8Pmv-JiA4&cbFunctionName=goog_wrapCb_2JlWZeLmBISS9u8Pmv-JiA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H2
Server
2600:9000:2190:e800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 22:15:34 GMT
x-amz-version-id
5yD0MD0xvY5qMDPlbaeccRZIQga4BLlQ
content-encoding
gzip
via
1.1 a2037d86ccb1a548f20827ebd95a65f2.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
age
260563
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Mon, 13 Nov 2023 22:15:32 GMT
server
AmazonS3
etag
W/"33dffa7df253125904b2f354b5bb5e8d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
1BMvnBJ2rPblounqyivmg4FnfZzs8hTgyogo6QtBM1xndkfN0K82Nw==

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
server
nginx
x-server-name
app03.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_2JlWZeLmBISS9u8Pmv-JiA4&cbFunctionName=goog_wrapCb_2JlWZeLmBISS9u8Pmv-JiA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x600.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame 4D34 		91 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:e800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 24 Nov 2022 00:35:59 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
via
1.1 a2037d86ccb1a548f20827ebd95a65f2.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
age
30924138
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
93606
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
"1f3488247c90bb5de253d3d0cb3b7458"
content-type
application/javascript
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
xgQgIAmzphYmmggihLL729WbWTLPcYGlsIHs-izU9Fh5S1ePYGMj2w==
DcmEnabler_01_247.js
s0.2mdn.net/879366/ Frame 73DE 		29 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 05:33:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61496
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10136
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Nov 2023 05:33:20 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 6ACA 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dk5Gtfz33hv7J3fiFt74R_Sfpm_CDEiH_KDblpuBAxxfRZlaUGxGbqYs2b3FUPjQ3720Cm5Nw2LKm3L2zhLv6JeZg7r_YMGgUkEbwwfBs1nYmaQ_fjvnxUTJNZYHMXTr1gfwlDc2sVp7mXTN_6M26KLNxb7IGaUXNSY-jBFHnSeDDsZfPXyREpVpHJ0itQx-fz-MkJM8lbGMj6HjfVwb0AuaWyug&cry=1&dbm_d=AKAmf-Ds2oTOMvOk6giasYuDUpCnoFUpO4HhZUxbD6DDikeFuOOLm8Ykp2vDQBreDs_nsB6MAHSrqsc8VJ4dvi-vtDPxG0tz3oTQOA0kRxAKbVE76JWXFbYyDyFK5-VIXY8_8NQOKeA61nC08McKfD0awENJzorWIYhJgFzRP-fuT-unP5TXSThGlfxJcFEXbLdSvZFsvXZPfwmkO331fFebmQd2tFaJHLPrWwozafPRawFlYo2TALV5M4Po3asBPCw3aT8qdXCY0Ydvn4Hm3_vkjfzR_yfcgiuXCH1FqBrCs1vRO5pUXHellgR8ZrVguh0XiIZF-ak4y5HrwUn-uktFICgGYFlkQEbELw7roVCaOSHM3BWwTuGGODQABFNaQGXCv0fw1me9aJT984rLw9dQi35rR83qmVL3TohP0OMiYUpiucEV1Tpszf6-LOwYAquqh63dX7JKM9Rfkrwk8paKKsdMom_xlaCHbTLtPNNVU3MAee_3Xv8ws3e-VKiddImpJ_iTobOjj35mLXbqxT5TwhILrphb6ylhGXbJA1aEpjwaWqPFc7RAbcWHKuqMxDM5Ff9BujN_hZG4uuM4CrNJ-W4lKWwjC_uIXlaZeWS9avNN9__jtaHGKmioSv19oT4Wwv48mbrTimcgOoWJllKcOal_CqUTKI5sQtynvCd5jzv-SLHMFJeUp7ofFwZHFaw-FM4exW0Q8hdslhYpYHtMP9RwWpYvgBh5eWDJbU1x01vBX7mM0-eqi10xo8qN9gUvNelTP99uDDb1jRZ41Pj4VvWRt90vHf_eKtej_EAK9fUrrzQ5J8_Er8SH3K4_FZUAtsZN63cH_-9NpTt61-HQRABLv2npEHTvgT-L9Ico074vC_aj4g8k86maDK6X8U_pe9xLOkwFxPkq2Iti89im70YgORjMMgNEZSUXMBeMJmwEo70wPEHj9i7IblbIBN5Ukjzqs5HSY8_3XPjMO3Ifbc136R1ATkfmI-pEfpEZPVmcKQ0EKd1HC-2k7Al1kFSv1Rn7LVi767eCRAZG-_0CuSPzwa4qrHf9SsGWS13HtULP5EHHtNpYzE2lDk0DmPzr-52rbvAOKDtOpKVPRodSYKfsrAC9FmF26T7PS8b0hFacijN7f6Nqv5v5ZUOXp7YD3IdL2be90w1mUkTOdmmguGV-AuegRaaju--O53VkQrAn5tA9CepQibmdWtVx9ltL5X9NXwvBODmjSP2sVqBHp7IrLLZ6pL564pPHG7c5VqGjTwiHkABzznyKir5R_DaQyesXnnYozTe40-F_xF8UG4VRPkD-1QKBBRvGIbRUqHl2gSbroTzykPzgRWpe36rHkUJ_-K2FTHxbK6ZPwte_3sw36VPl1f5lp5jvg-opjp2NUGKu3e5_Gdztt5El0lNQGQ3XLq1dl4oOJ-6BVNVrqqeQ__Qes88vAMVHN592GYgaI0QwZEC1z_rs4f_PKTBduQ2dGS8jxPeNXoB2U2IcqOAEq8OGDO2XXTHyTK7nysg_i67G1B_JRYs9X-cyVLCy3KThDSWi1xV8-_nDw9iNDGcVIRlci4vJ81W3NfUjTLfo6lYR9jrvujv4ZzV4pgVVCDrka4SK50Ue-EZpVD_NJ__usu2t97b4ClAnG_fdkS-f-TkdDWJep8jfpRu5lF9t0FMyPOFnywNeprM80mOXVrqx3R0aZlRblxfOO_bju2Hx6YUbhPaNnwORPkC-k0XKqA736c8wkgBKrRTeURJPzi5mx4B3OwP7tH29N6G1CmdO3qHZPhZQfP-5oPH2mTukMnevbtr4YIjedAZNt2vi-y227HEkhGbNW0ps6D39zAPHzXLk0Bza8diRBe44KnCz1Vm5z8znQjuW_eSf4BxMWi3sxQHqIQzxKIScjFR4tiIj9r4UOs9HdetQEE1Exv7NN3i4aKA02mvw_wwuClfcjZGw0yHkcU8bUbBu5sTJxWVxqafFsNse-iGxRMMemC1xIJqN3bTQ_cqDIE-pSJdg1uDAdq7n-APIIDV1NmPpnlxJl4BECLIqalh_hLQ7aYkFQSvJsUgOCEnPoWgExAg2ywY-B1_rsKlAcTYo787lwzrsHJE-DnyjhPhxi6hjhAlnY7eXfcN1YlppglyeWtylFxNDje2CfSf-2bXyrd3-70HLH-c4jdronmmpgAhrQQdCTwO1XBpwipBKHWkGa7cT7iKHic8Lqt8MhnBJaxkLA7Gyh2EJJXt-NTSC7syd2vhBtc1wNq8VbOxrOleEqEKJ81x1uF1giFr1k8mY2KOW0tebgKcnZbUePdLZF4eCZ9CpocaGySa3G31Q8Xb2J1KcNpHiJdR52ZnRvz7P-hwZQWscMz0Js1wedgajBLcYdthUq49zgmzgjt9HMJvg3bwKT-6U70EBI0Rk_N2Knwz8UCQyBQyP88ffzZTgiZmxW7BAToRE2rV4t63KI8rCx212Jm_FG65VTMTdvpG9RqcTxpbNWV3ZqvZLtqZTbgzpOLei13Zc3d4UZoiAQJpo13K7R5KZQNyFBWwNhpNtW1X3QHs06nDbcmU3REltPCqlTjL46A2Xx4GNEpIPOAD7yg6kgBsS7jrKXfP2BTBEl_UdZfLDYx-HV09BG_udZwRH8ywj1ES1YbrPW93tqOjm8uSRpW-w4ots-tPYhyUw2A5NPeUggtyCKzRt2QpTh_L-213HK3k99lplWK5fEhKJbxm-lOBM6ScPg1ILJrN0MKVxdHl_5gYZQ2EBGTO0SB_5CLVaA2r0TcGG3dtEiVfDngbnEHANYM2W1e8cvVOaInsYiItG9VSGtWqxvVfdWL1bCODSuqEhBZ0PTyKEljDvwS0RVt_WPRo6ByPQpttzxsPDEg-YuvpvAhjWHM4t2kxcMkoC-b7MfOze97BchNOsrjKUbWkxVxxel_oyiUoohrz8e2ujQy7wXey_IKiNWDD8DpD1MaRt4sxxDaQmBiNIaQ7yEvZCoD3rRuaXHsc4yCAxhupsxBQJ8KsBQzDijEomWEWXR_dURw_E2YkTP0ITy9bczPb15peNuUhwX8Ib3RN26Ge2CoqMJwJRZ-h_35tHZ2wR6PBLsRZMMwdk-6d4t-D0gOpgZKMyxyyp6kzKSYDyaN3Oh4gQpKH-N-f3NI17PyieGnT93ymbS_TlZV7iIX9rCDvSWnmzLUGs_T05iWIbocEWsspJ9-WWOV0ttLcuYU_1ORKa2IXSVmemZeBsDoL8ABgEDXL-xXHjTDG_NwkG0w6g6GC2npbQ0GkvPe5xOBFgMHOROUihR_Nw8vi-nf0sMCXU2urCFGkSBIBgsF68PLQXZr9Nud4QwMlTjdhmM0uVVUIdqVcIfog19uMDhPR4l2j4-a8eQz0dDGAKezZPxcetQEwVFYhmo-BlOH9CgFf3XTRgFEvR7Igr5atw1PoKd0VuETbU4bX4pDpcoYGFbDr40XocaBRciTOrMs4RXpjQHYYdUvtuXk4g74bdYQgAeoXUbMWB_4SyR6Vi7cctbG76pmS26IO5P8z6jf0JEeAdSxnberZHRY5xiz7ZaYJfyNgQX0IOOSyvY__nd8LwIco6HB-ycPufg_4-1w0XXUtpOvWsK05OREJpRT2IH8pt_yVBBnahOtr8AC2WWKqxTAbzWHI290EjOj79VVrNGyU7uMxe2R3lnamZXQ7n8VWue2wxW6TibpqS7C6ufm0vy4-oyLmKitI56i_cVGIB1_UBQq6wd--JQndzHNVLd9GZsC84h4oQYjycNAoc-WRXNwIcF4dFEqJWHUvadgv5uniOQNpGiuPAGe1CKpGlhHdppXM72vfDY-uBxNuZAeh0Gq3vWXXMGWYxOfSOFLFJf6Tle1l1_rC7J3nob3ZwYuTBabas4rd2CE9_u9ln2pOEdYeNZA7u1D8lEq4zyvIlCCXPmwDD1nt5Cn89hoOEY_5F8ggMyCYe8rHck-NA9zE6WNYf-Ge-tip7hIyKwiFw3W_aZhCs4JCqzGvISSIE4XGMalI187LEShVoB0YGRT_hDPZaslEs-8JWF_jhhoGOTT1bYDFEzzShLEfHFqkrTURHq9wi8Gl7XSKQYNFid5jxS3vz0RoECM6sfIQud-eHH9ZrwvH-MkGN&cid=CAQSTgDICaaN8XoIEfLE1Q6V3pqJmkSJ3GtjNO9jDrijuvotMY7_X5e-6p5Uxn8_nOgh4mshg_As4ClZxxEeRoGoVF_lsgk5SRiu09qe8nRPvhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwwwproxy.uscho.com&ds=l&xdt=1&iif=1&cor=11775103312522355000&adk=3430571818&idt=41&cac=0&dtd=3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 14:44:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
28412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Nov 2024 14:44:44 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDE3NDI5NjQ1Nzk4NAogIHNlcnZlcl9pcDogMTQ2NTMzOTA3CiAgcHJvY2Vzc19pZDogNzA0ODQwMTcxCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDk4NDY2NjMK...
ad.doubleclick.net/ddm/activity/ Frame 6ACA 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDE3NDI5NjQ1Nzk4NAogIHNlcnZlcl9pcDogMTQ2NTMzOTA3CiAgcHJvY2Vzc19pZDogNzA0ODQwMTcxCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDk4NDY2NjMKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2RhY2hmZW5zdGVya29uZmlndXJhdG9yLmRlIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDMwNjQxNzgwNTgwMzk5NzM2NjIKZGVidWdfa2V5OiA3MjI3NDAyNzExMjE0NzQzNzQKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTExLTE2IgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogOTg0NjY2MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDM3ODA5MDA3OAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDk4NDE1NTg3CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIwNjE4MzAwMDk1CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNTIzNjAzMzU0CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RhY2hmZW5zdGVya29uZmlndXJhdG9yLmRlIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vdmVsdXguZGUiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9kYWNoZmVuc3Rlci1yb2xsby1zaG9wLmRlIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0x5983cd2bda49fdf20000000000000000","13":"0x9958eadac0fe04740000000000000000","14":"0xa48b8cea857c46750000000000000000","15":"0xaee08bb18968ce60000000000000000"},"debug_key":"722740271121474374","debug_reporting":true,"destination":"https://dachfensterkonfigurator.de","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["9846663"]},"priority":"0","source_event_id":"3064178058039973662"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
impl_v99.js
www.googletagservices.com/dcm/ Frame 6ACA 		59 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/impl_v99.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3df5746a25ab4dc32517df57deca8ecc5c425a2abd15c6d6f5fc817472e4d632
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 00:21:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
80177
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23872
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 14:22:33 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 00:21:59 GMT
dt
dt.adsafeprotected.com/ Frame B338 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=8fda29e4-8b7b-9a3b-8529-f9099e249d77&tv=%7Bc:ub0ILE,pingTime:-2,time:254,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1436,beZ:1438,mfA:1441,cmA:1443,inA:1443,inZ:1447,prA:1448,prZ:1471,si:1478,poA:1479,poZ:1496,cmZ:1496,mfZ:1496,loA:1602,loZ:1604,ltA:1690,ltZ:1690%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:600,t:41%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:254,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:41,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B245~0%5D,as:%5B245~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tVOC5as+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a1%7C1b%7C1c*.990511-61634099%7C1c1%7C1c2%7C1c3%7C1d.990511-61634099%7C1d1%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1c*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:DIV,siq:43,sinceFw:211,readyFired:true%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
server
nginx
x-server-name
dt22.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 2CE1 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=8e38dd9e-d96f-1a1d-b850-f65ba9af288d&tv=%7Bc:ub0ILK,pingTime:-2,time:199,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1466,beZ:1467,mfA:1470,cmA:1471,inA:1471,inZ:1474,prA:1474,prZ:1479,si:1483,poA:1484,poZ:1503,cmZ:1503,mfZ:1503,loA:1581,loZ:1583,ltA:1666,ltZ:1666%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:16%7D,%7Br:r,w:300,h:600,t:110%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:199,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B194~0%5D,as:%5B105~0.0,89~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tVOC5as+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a1%7C1b%7C1c.990511-61634099%7C1c1%7C1c2%7C1c3%7C1c4%7C1d*.990511-61634099%7C1d1%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1d*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:svg.us,siq:17,sinceFw:182,readyFired:true%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
server
nginx
x-server-name
dt27.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame C168 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=7a654903-c0c5-b0b2-1465-21a9dfb53cd7&tv=%7Bc:ub0ILT,pingTime:-3,time:84,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:84,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B78~0%5D,as:%5B78~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tVOC5dr+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a*.990511-61634099%7C1a1%7C1b%7C1c1%7C1c2%7C1c3%7C1c4%7C1d1%7C1d2%7C1d3%7C1d4%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1a*,rmeas:1,rend:0,renddet:svg.us,siq:25%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
server
nginx
x-server-name
dt25.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame C168 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=7a654903-c0c5-b0b2-1465-21a9dfb53cd7&tv=%7Bc:ub0ILU,pingTime:-6,time:85,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:85,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B79~0%5D,as:%5B79~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tVOC5dr+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a*.990511-61634099%7C1a1%7C1b%7C1c1%7C1c2%7C1c3%7C1c4%7C1d1%7C1d2%7C1d3%7C1d4%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1a*,rmeas:1,rend:0,renddet:svg.us,siq:25%7D&tpiLookup=ao:wwwproxy.uscho.com*&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
server
nginx
x-server-name
dt26.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 741D 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
28411
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 14:44:45 GMT
expires
Fri, 15 Nov 2024 14:44:45 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/17425118478164857034/ Frame 5EAC 		144 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1c38c9c0ad13cfe2d9e7eafb46ae69f40fa031efce5570266087babf59a7660
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
255710
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
23058
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 13 Nov 2023 23:36:26 GMT
expires
Tue, 12 Nov 2024 23:36:26 GMT
last-modified
Thu, 24 Feb 2022 10:20:47 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame C168 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstw3cBGgjAbwKBcE_BnueMUGMRqIRa39duZpxY7hUOcXZZvix766s2redPd9Ur_AMC2P1u4wvQ5MN0i7_WpYOjxHTy5hLPFU96KfcsDM7QgDd2SiPsBIN7V_kcUBiUIi68FaOD2qo0JYBY1xw9KXHI4O5PdLEyOSjUQRHB1SbmcfrcPIdLa1xzJvp_tFuDzSQD7BOUZGXZvXmyntjiBLjcw89Vb2iKB0unp73Bp8EvCJ3g0akChOClCdT4JmLfBJ9X-wInRt2SVJsiVAYZqVkZph3NflgZb6WcUeM9D-VpyDJxYacw24ga6q13tcOZ-NLcesf1-Ga_5dMicpDcAd_4CU-jG0bIXAeyiLLCrAiIhDsuvWr0TTX6QkVz3oZVS7OR6dVBKCYqdfcy7atWjirzYWin1NhESo4ZdCtLBAUP10ZwPJ1gIe-0QgrVe9zvMd9dWqGs0lDab8mUkBWuhHsCftBrpVwbDOK4sHzY-6tp3QLTUXwsz943UDpsSxB3RgfgIrYBe5x1AY9R_qmieqrXRPRDZKMap5Wt-yro0w4keqm116UP6WxVaQiCoNWs8W1leroMT8WqOCRXATnILJG3s-MsET4G8zODeSxmcv8Met86g3X3ttg8RQqRvTUEEZxJyfL2VetZkPC92-xojeJgbGKi7tNkcNqrgIQPZTj_Rj-LP9QTWWOGnqo-RvigDld1vpzBhVUOkEIOi1Gh2ue3o9lKJd-PuBmnRFI40PsPCgXQ1tSgYG5nnz7sYjb7gILl-Qp6DzhvSXvl5deNZfojcgGMaDdaKUKWkY8a7jRGvjvG9cH0wSjozuPoq1ZH5WF2NnID6noNqZ67fVVtcXz0_rj1b5tafI85PYpy5KiaBtGAD3e6455-1U9BKRDmzKV19bgBkoVW_94w8Kzv6IV-3fck-wMgw8OrgPvMhIk1u414Jos2a2g58RMbvMzLGgZnNIu1IT0e_jCSy3dvmspFXaX-acfVhXcvo546ME2CxcwPOjuhAQaZF5eDP0es0PbLf7OJESdB4ggnWGRh24Fc2KCjsA-S3Z7FFraGPe08aAwezxy2RM-ROYGaIQic5GUnllsnNNtwbhwQ1X0-wht3n1ErzuP0hp4PCvj_hWgZsEI7Rw3YUyfONP2cIymuxaxkAKhkYktW2blsXc6c8rxNcPXcvZheoX3-g7gPdeUADY4rfzbMsoIf1RlLkrNS6oK4WrPln3z1PI7i14SWoXKG0fn6zA_OwtGPFAJXVAODiMBrw87hmWESQDZbTUXQ_cjwhUP2B4CYwIO6ngG1Q9fEILo6YKrP4vjQ-zMMxbdg9uf429yC7tThlK0GsHEHMVXsmpZwssE0iRgZ7Avgz3_rBoWE4_n6z89Jr59TR7uQJrqeFaA8SOjRbz_RDwPEa8x3vLDBPyLvbn5qzv8oIy0DqwqITIIWWrFfF5R3MAPL7YoK9C3NLwrmnw5PFi-66jEEoa21JQd-H&sai=AMfl-YQ-zHssVzfRfFbGHUUQuqJNGavT9b9iU6M6kyCCPlwllxmiyh2h2rmux9pOka5Y1RHs202Ue5yL94GIvc7gemepeE_6Xf-bnBRX4qZ0OKsKv9gpZy5e55DcJkYsZXwQyExjiw2W3mB1f3ebBBnK1mv6BOfk57jvwWzjk5OrN8FKbbMLBK6jMMdEjGKPJ-5ga1TQc5KweHWjPnpugBH8i_9YnRmxX4-b45_J2JtzQq9Vi0_55JFJoYAFk-9ZxuV306AvtcQU7n9Qq0ZI6Gzrv19aRwk0G-aFy8veqq_NvWv5K_cjD674aGrPCK83LkGgfA&sig=Cg0ArKJSzAX-1YMTLNeOEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=462&cbvp=1&cstd=461&cisv=r20231109.64322&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
content-type
image/gif
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
dt
dt.adsafeprotected.com/ Frame C168 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=7a654903-c0c5-b0b2-1465-21a9dfb53cd7&tv=%7Bc:ub0INy,pingTime:-2,time:187,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1696,beZ:1697,mfA:1699,cmA:1700,inA:1700,inZ:1703,prA:1704,prZ:1716,si:1721,poA:1722,poZ:1741,cmZ:1741,mfZ:1741,loA:1781,loZ:1783,ltA:1883,ltZ:1883%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:187,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B181~0%5D,as:%5B181~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tVOC5as+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a*.990511-61634099%7C1a1%7C1b%7C1c.990511-61634099%7C1c1%7C1c2%7C1c3%7C1c4%7C1d.990511-61634099%7C1d1%7C1d2%7C1d3%7C1d4%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1a*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:svg.us,siq:25,sinceFw:160,readyFired:true%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
server
nginx
x-server-name
dt09.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
request.php
hal90003.redintelligence.net/ Frame D397 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal90003.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=aef31fdb71&subid=&uid=c8b2854eab80bd3b&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCudPu15lWZYzTFZ7C7_UP4P6boAWm5b2gaa2VnKfJD_AuEAEgsMjAIWCV0qGCsAfIAQmpAp-bbFKUM7I-qAMByAObBKoEsQJP0Kr5Y8tvTgAN-vmMdjmkddqNesNaJSr8Ws4vXHDlxHtpPCh7kXBITRne-_aVejE-xFtKdbfYmZf2UxrqLPdmfANHyoVriENs2Y73Jhz5GzOLFKByG4X7rK36bR-NdwOSaEIr7nn3iU2GjScJkILeObVDJ61gk4nc1a0foOyF0KVEJlqQf5_n7Mkqf05QnXccCZ7IshKhjn3ttnpYE90Y8p3BOaR_I_LoKODY7Kzj8nuUdElRTi5Vt7bGiitrUVkDxK6xw1TaSTBRTlky6waEjQrR2aeAbsxDE96c1qTfDBMQj6hqbnUfJ1msnFClhRdzWQXYR63CTQUAllK-Rv_ZqVO_kEZB_y4ztee80Dzv38z9rJisig7cXj2Dr65YLY9dwNkfwPb22ohSTAFyvuH6u8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJEReINEwiFpqbnysmCAxUe4bsIHWD_BlSwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNQI2CWfzrha5lUseqemBWCVbBjVHLChtPIMDgi4Q-oooDU-Q3ClGhYWGw45pjJOUJcDD-9KjxF4RE4kW1hD7ZVbXdUdeTd11TVXYYAQ%26sig%3DAOD64_176092UpDi2XI7qGkEHtSvVkQp1A%26client%3Dca-pub-2697679518515886%26dbm_c%3DAKAmf-DvRJ1g5MGIdSd-a3ykyOZwQNy76-_FTIECfQOlF5-98WHu3fDmFSHVOAwJTxW8PVd6LprGdjDj2_yhhoceFZD3GWYPVhbOVHd-eTVpRLw2mVe6zTs7LtbKUasmB706_AbPY8Typ_DSTpeJcfhAvoxjZjqWCugDxGCO6OjkCKtbdo1xtbY%26cry%3D1%26dbm_d%3DAKAmf-BNxRu0b9DKjIY0mKfwRtIIzdH0Wxh6PplcpDeGzXqyQGC8Xl74iNPlLLvRyzDhanXZ_G0Q9xGvvcimtIXWJ5GVqZGMI2Zo5oxxWpmuGT0NGhkngY3Grcw0DiA6vLUft8Xtls7lQXAPnKPr_q4yGg9X_u2IiXmw8ESqbgVYtTXkZVoeLxso5eJIZbwq_Ixoe7VtgwROb0YYylhbmeB0dq2Kqv73EXgDggtIm9Dwk3kQke_U9auCQxq5W5jh9LBOVZhLS7bm-Zp1V3w5McmdItDz86ECh40sC2XgoDGg2MSj3SlS0RYmID3J-v1htFL3WOdQK5Y9B_JJSjWJ4vzJCSQGpYXQG1GgJRndFYX32uFZSC3ePjX9uWAy173B65wjKZYN1uDcIITVlNK-99CgfzwJokz6YhRZp7UBFk3kV9Mcs4uK1KHuabf2QYCXN0yX1KqlMx98AjuWtYFOuW_jiq-STdkkxOL1G_-qKGgKtzXTK8Wyn7t3zrLMF47yGDx7neeud-Dc875hjvunKcQucnGJ1rHjw7TuSlUc4i7Z2wsSxI6ftWA%26adurl%3D&documentReferer=https%3A%2F%2F5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwwwproxy.uscho.com&random=3924933559480&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.117 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.117.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
f470d391494b15a7bdc6e52316c4fe6c86b23e8094376ef517f4aace42a86380

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 22:38:16 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type
application/x-javascript; charset=utf-8
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
54424000164569404444554012510003
Connection
close
Content-Length
875
Expires
Thu, 16 Nov 2023 22:38:16 +0100
csi
csi.gstatic.com/ Frame 770E 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lp1rvnbg&chm=1&c=3975831450135493&ctx=2&qqid=CIGfp-fKyYIDFTij_QcdDXMDhQ&met.4=fb.4m~lb.j0~ol.p7~idt.n7~dt.-bg&met.3=374.lp~113.11q_1~112.11p_1&met.1=1.lp1rvm9r~6.3~7.3~8.3~9.3~10.3~12.5~13.j~14.k~15.1c~16.ns~17.ns~18.nt~19.p7~20.p7~21.p7&met.7=CBsQCBgBKAQwFDiLB2gFcBN4iReAAd0UiAGSMLABAbgBAw~CCgQBRgBIKgBKKgBMMYBOB5oqgFwxQF4igSAAd4BiAHwBLABAbgBAw~CAkQChgBIMMBKMMBMNQBOBFoxAFw0gF47kqAAcJIiAHYugGwAQG4AQM~CBwQChgBIM8BKM8BMN8BOBBo0AFw3gF4qxqAAf8XiAHoO7ABAbgBAw~CBsQBBgBINIBKNIBMJkCOEho1AFwmQJ4rAKwAQG4AQM~CCcQChgBINIBKNIBMOMBOBBo1AFw4QF4nW-AAfFsiAHpyQKwAQG4AQM~CB4QChgBINIBKNIBMOUBOBNo1AFw4gF4gAyAAdQJiAGBFbABAbgBAw~CBwQChgBINMBKNMBMOQBOBJo1AFw4wF4iUWAAd1CiAHwoQGwAQG4AQM~CBwQBhgBINUBKNUBMIYCODFo1gFwhgJ41gKAASqIASqwAQG4AQM~CCoQChgBINUBKNUBMNYCOIEBaNcBcKkCeJ-BBIAB8_4DiAGo1AywAQG4AQM~CBsQBiDWATh3~CCkQBhgBINYBKNYBMOoBOBVo1wFw5QF46rIFgAG-sAWIAb6wBbABAbgBAw~CBsQBBgBILYCKLYCMPYCOEBotwJw9AJ4rAKwAQG4AQM~CCcQBRgBIMMFKMMFMNMFOBBoxQVw0gV4oWiAAfVliAH-sAKwAQG4AQM~CCgQChgBIOUHKOUHMPcHOBFo5gdw8wd40cABgAGlvgGIAf_-A7ABAbgBAw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 766E 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
28411
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 14:44:45 GMT
expires
Fri, 15 Nov 2024 14:44:45 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 8ED5 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:01:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
16632
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 18:01:04 GMT
DcmEnabler_01_247.js
s0.2mdn.net/879366/ Frame 5EAC 		29 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 05:33:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61496
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10136
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Nov 2023 05:33:20 GMT
csi
csi.gstatic.com/ Frame F37B 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lp1rvnd0&chm=1&ctx=2&gqid=1plWZcH-MofH7_UPyZ6qgA8&qqid=CPWNmufKyYIDFYuN_QcdFpkH_A&met.4=fb.p3~lb.111~ol.18f~bdt.-158~bpp.-86~idt.-6~dtd.-1~dt.-87&met.3=492.pa_1~555.158~556.159_1~113.1jz_2~112.1jz_2&met.1=1.lp1rvlt0~6.1~7.2~8.2~9.2~10.2~11.2~12.3~13.ip~14.iv~15.n1~16.159~17.159~18.15b~19.187~20.187~21.18f~22.sp~23.sp&met.7=CAUQCBgBKAEwpwU4vwxoAnChBXiE1gKAAdjTAogBmLEIsAEBuAED~CBIQBxgBIMIGKMIGMN0GOBpoxAZw2wZ43AuAAbAJiAHtbaoBFQoTR29vZ2xlIFNhbnM6NDAwLDUwMLABAbgBAw~CBwQChgBIMMGKMMGMNQGOBFoxAZw0QZ4xwiAAZsGiAGIDbABAbgBAw~CAkQChgBIMMGKMMGMJsHOFhojQdwmQd47kqAAcJIiAHYugGwAQG4AQM~CBwQChgBIMMGKMMGMNUGOBJoxQZw0gZ4iUWAAd1CiAHwoQGwAQG4AQM~CB4QChgBIMMGKMMGMJwHOFlojQdwmwd4gAyAAdQJiAGBFbABAbgBAw~CCoQChgBIMMGKMMGMPMHOLABaMUGcMsHeJ-BBIAB8_4DiAGo1AywAQG4AQM~CBsQChgBIMMGKMMGMMMHOIAB~CBcQAhgBIPwHKPwHMI8IOBRo_Adwigh416sCgAGrqQKIAaupArABAbgBAw~CCgQChgBIIMNKIMNMJINOA9ohA1wkA140cABgAGlvgGIAf_-A7ABAbgBAw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:16 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 6139 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:01:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
16632
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 18:01:04 GMT
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 790F 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:01:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
16632
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 18:01:04 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame B338 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsszkmbCqQhE8FySTd6KlEcvTKxKs4jEz0d2Nt0YNvaHxaI4w-JiZsFgW-zEph70MVB_8mOj-XX7uqAShOOfAHDU5VP1wFYloD-qrtD1mwFIjrru4B1vbDU2n6aIPDhFFg21wYS3hsOUy612HGO-2dHOZCYXOUVar_uWYljNyoZpm_5XKwSVzhC-Wv0dwgfIRePrDBCxuSbIuUbugfrAUjMPizcWXX0_hlRigA2vJUG0Z8mpFTCEjytaUB6aAvnw0uWM5649_gaKgxcNl_hCXsePgzs8TsT5O29I8MD-pYFM4k083vV9Vo9HVacDxyHfMqMUylAtRJdlZQnTOM5q_X2TIslQkfHvCDekoElwYg1Trc769H5x4yAGt7Guv10vQWzF7P7Fyhkk-xVs4sug0qfLHkbGECzlsi4je1OzwqY6tluIzrXmk4_fvia0Yu4_tGoOP-wF5ktuI8kyZzYQAPRqYVCrXLtao-gtugkagcRbzPs_0CvyO4fk2tE55ZlanTS7gCmRxV-0WhLDTu-bf_7TJqnziPHSYcdSZHNXbD1kq5Q25VU1CGBP-dSzzex7Sq1MNYgynicbVI3IT9WyKaps8kp2nVcXfYgfxMo231XB7qMoD-_XyLGd_sB6g8W9EVfWXK8RRqsU3mhi1KsOGc4k29ukshKCZXRBV0CndHrERPTGKd44UD1_jiRnk8W-qwRpHvsl35sLOzz8aPz_lBjcUhLj4wR0pPMI7f7nBv0z2KutmRloe4ZRRgY2bGXpf046B29zYwDOJyVeZdmJxLEHoEeX-1mQt80ffAtKbzkCfllkzKLbesmk6CMw3FSANFfId2p4uU_5Yg6PTTSC7MAxeFdycMQ8BMRb2noxxNP8F6Mt_SJT1livMrZbln1fUXxaey7iW1LnDBtZEzVjrtftYL8loLrsp52VkF3dDZZQ_VEdPBQ1dBS1mGslriYoMVjA0yWEs35-7V4qGppb8KzDKMhDsL4BiCqJ-3jtmDzqCw4ka_M7TKli50E3H7VLtrqZCpxvvnoo1Wy_Gjex3ZufKYvjvjVE-vxcqedZPrS3eKckXAX4qyOQ_FD4tbTEboemo9pogeVS2OPUCpAAAgCoehsArvhyVlQa1J1VkBm2tvtmz8RIp7pqsHKzLAozgdQoQeKOpu2kz-jWPFptJ2glm2ovdoaZrHMHT4d_1TVk59_Mnh3Fp0rD0rplQgggWAMj9ABGAgg18rULqQRifcfE2JkBll_C3B-fVEhEY3beNH4VauVWjFQ5_xWTDGzbk4XMGX57RAZ-11jdN1ZbQby5F6l6avvIpFwHcCiFWT9qjxd-bkgeLDrlQRqwemnwz8Ar4JVeBEv2PSRndwpvarw8Y5YXnrIGuhCD76Txn7kVBaqB0xhYNhrBpxMPpSxQiM5XBsc-UYvHgBQbrm0jbrVXR4dNkcEGpFagoxj8HDnBlrQErBeCU9nLEFTaFnJrjPw9HLZkO3elx-FO-tXHvzo&sai=AMfl-YRMmt1GkG-o2n4qOh-9ybFlZaxWHaWCf7grBbYA2ubrm66n3T58KkZbVgTpmAb5pSWptTZ9xeOm8YJzy2Bt8jbvzXquV4BbXNpRgNpljj8pvY5HG0IfET-O5WpSasMua7kZeeWDgnO4pr72bbhiw4PvUSA8xqk2OTM56HcbFjRT8HVU8iewrIho-W8eT-HFuky9RNA6Vx59WFkBdYzZVfcaqY0kjbMyIh3yFu2DICgobbohZSKd81Sejux8fAPXJ6YeUPlDomA8EiALl8nR2lcqE_7TewTKb-2LUKkhtlkE45Z1m6WxF6-0cTrtdA&sig=Cg0ArKJSzL4kqBu72JltEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=798&vt=11&dtpt=485&dett=3&cstd=311&cisv=r20231109.49751&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame D51A 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
28411
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 14:44:45 GMT
expires
Fri, 15 Nov 2024 14:44:45 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view.aspx
pb.media01.eu/ Frame F468
Redirect Chain
  • https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=56038700178904204444994012510019&t=htlp&gdpr=1&consent=1&gdpr_consent=
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=56038700178904204444994012510019&actionid=879111&produktid=ratenkredit&dt_url=
0
606 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=56038700178904204444994012510019&actionid=879111&produktid=ratenkredit&dt_url=
Requested by
Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=8e84cfde40&subid=&uid=cf71f4426aaba54c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvXvm15lWZfPGCNHU6gSF2LmICKblvaBpvZOcp8kP8C4QASDhj_UBYJXSoYKwB8gBCakCSyvHseQ4sj6oAwHIA5sEqgSjAk_QEVPID77Q78eR_spigPTyyhXjIXNli2uUvxvXs9AbVql8f2kmLDNufr1bXfmtv-mLc733UDplZT0aZREdEbnHlbU2p3X0Yt9DsN8lgRldKr1qyH-tRJ7irgfYsG7N-ziod7j1i_Bnulke7Il6jaPx7l8lSK5ibXnkJGyWZK7TiLiKbjhj2mAuFiLhZ2zXG0V0PQzHlx4ksfmPjEws2_NcfKOEQsmgIyhRvhGM8STH1ias60B-bW0D6k-mSj_U1SnOowLCx4cNcysUfHRaigElSuWXffBVRKGTDQOIo4rFmWwNUueczGmrKeHeTvMk0Rxxfvb8x42Lq0ROVXe1dgjRQ0AP4icc6BksROS4zKWiLMxg9DUSj9Z0qjgO_Q-xkeezl8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaN2L9FsvdcBiEFjVnfExtDVPdZbzFlTL6bchHkv6J9tiXv7aAwm0r6I9dEkBEh9hiE9iwSP8T9peWC4CNIMLEX9zrGuqsEt5ndZWAYAQ%26sig%3DAOD64_1CFF4rQMeD-rfA1trzQt1cZZHvZg%26client%3Dca-pub-4191647241486880%26dbm_c%3DAKAmf-AHcI0_4a0Ky2mraMvi71o7l6-xcdp51bO3GIQAYTtV-o5JT4rvZFQv0qGZ6MhbSiFvKlfVZJI5f-ZPuOlrw_jsAK2LL6-6s4t01zPR5BSjaWmducWLIrjCoZA3IThS_3mPVWQH_5B0RcY1JMD7jsNA3tCZxQ3lgtDc4K4ooyyfOLKCH88%26cry%3D1%26dbm_d%3DAKAmf-Dpq060XmH6F_hrPDDV5MOBFjwwa6-68vzUIUdRs-B0ODtO6L1yhphrgmIyrs-7oHXTs7xu0uO8C4ocb7CiYkNYX4kqE1x8U8QtDyfBltfe2zG_1cdogoFLEb8ic7fVQnUAAs5KKba9rb8_05TrhBi8B7_dghXX6KBq5FsRbTcoCQbTmPjBZ_0TwOFnjY9CKvgtCEIXnzfCXNJzTErp-eeMyxfvwLde5ZjVY5LUd5pFywJ7nGds1TTUdaknL3nw3wqTqHlxAySZFekkbevSgkiFn-2Eo_dhH5cy-OkCaw103wa7puxKcmF1HWD0BltMflp-PVEPdNWICUVzNfR2HorE67k-emZMA3a78af2qLuvWeG5f7Hpn7tYha_Wk4N7ldYKH-fYK0tu9S5UzKyxQJXryNcxoP3WUCxZ7MSwQF2dZci3l-NhxyQ8VKGsrh0cCjsli6TQOPNbG3qXuhqhpYhs5LR6XV9OL-Bl8Juf41eFfif_2Rv7wLlz-pZLRYJRLS_z3J-Emfz_kELZE4owpQ-7vXD40SmzHl83P3TjGOWhuxO8QLY%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4191647241486880%26output%3Dhtml%26h%3D280%26slotname%3D6384904019%26adk%3D44889110%26adf%3D2185445919%26pi%3Dt.ma~as.6384904019%26w%3D650%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1700174295%26rafmt%3D1%26format%3D650x280%26url%3Dhttps%253A%252F%252Fwwwproxy.uscho.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700174294529%26bpp%3D2%26bdt%3D1194%26idt%3D569%26shv%3Dr20231109%26mjsv%3Dm202311090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C1200x280%252C300x250%252C300x250%252C300x600%252C300x600%252C300x600%26nras%3D1%26correlator%3D2280687409296%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D2044206632.1700174295%26ga_sid%3D1700174295%26ga_hid%3D1637000408%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D475%26ady%3D3180%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079606%252C31078301%252C44807764%252C44808149%252C44808285%252C44809057%252C44809072%252C31061691%252C31061693%26oid%3D2%26pvsid%3D3975831450135493%26tmod%3D577653650%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D8%26uci%3Da!8%26btvi%3D5%26fsb%3D1%26dtd%3D572&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwwwproxy.uscho.com&random=5190365328743&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-250-30.clients.your-server.de
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods
GET,POST
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 22:38:17 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Thu, 16 Nov 2023 11:38:17 GMT
p3p
policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma
no-cache
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
access-control-expose-headers
X-Request-ID
attribution-reporting-register-source
{"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length
0
content-type
application/javascript
date
Thu, 16 Nov 2023 22:38:17 GMT
host
pv.medialead.de
keep-alive
timeout=20
location
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=56038700178904204444994012510019&actionid=879111&produktid=ratenkredit&dt_url=
proxy-host
pv.medialead.de
server
nginx/1.17.5
strict-transport-security
max-age=15768000
vary
Origin
x-iplb-instance
40028
x-iplb-request-id
B2A2D18C:D2D4_91EFC182:01BB_655699D9_537BB03:1A42B
/
adv.office-partner.de/ Frame A985 		930 B
923 B 		Document
General
Check archive.org
Download Go to
Full URL
https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by
Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=8e84cfde40&subid=&uid=cf71f4426aaba54c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvXvm15lWZfPGCNHU6gSF2LmICKblvaBpvZOcp8kP8C4QASDhj_UBYJXSoYKwB8gBCakCSyvHseQ4sj6oAwHIA5sEqgSjAk_QEVPID77Q78eR_spigPTyyhXjIXNli2uUvxvXs9AbVql8f2kmLDNufr1bXfmtv-mLc733UDplZT0aZREdEbnHlbU2p3X0Yt9DsN8lgRldKr1qyH-tRJ7irgfYsG7N-ziod7j1i_Bnulke7Il6jaPx7l8lSK5ibXnkJGyWZK7TiLiKbjhj2mAuFiLhZ2zXG0V0PQzHlx4ksfmPjEws2_NcfKOEQsmgIyhRvhGM8STH1ias60B-bW0D6k-mSj_U1SnOowLCx4cNcysUfHRaigElSuWXffBVRKGTDQOIo4rFmWwNUueczGmrKeHeTvMk0Rxxfvb8x42Lq0ROVXe1dgjRQ0AP4icc6BksROS4zKWiLMxg9DUSj9Z0qjgO_Q-xkeezl8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaN2L9FsvdcBiEFjVnfExtDVPdZbzFlTL6bchHkv6J9tiXv7aAwm0r6I9dEkBEh9hiE9iwSP8T9peWC4CNIMLEX9zrGuqsEt5ndZWAYAQ%26sig%3DAOD64_1CFF4rQMeD-rfA1trzQt1cZZHvZg%26client%3Dca-pub-4191647241486880%26dbm_c%3DAKAmf-AHcI0_4a0Ky2mraMvi71o7l6-xcdp51bO3GIQAYTtV-o5JT4rvZFQv0qGZ6MhbSiFvKlfVZJI5f-ZPuOlrw_jsAK2LL6-6s4t01zPR5BSjaWmducWLIrjCoZA3IThS_3mPVWQH_5B0RcY1JMD7jsNA3tCZxQ3lgtDc4K4ooyyfOLKCH88%26cry%3D1%26dbm_d%3DAKAmf-Dpq060XmH6F_hrPDDV5MOBFjwwa6-68vzUIUdRs-B0ODtO6L1yhphrgmIyrs-7oHXTs7xu0uO8C4ocb7CiYkNYX4kqE1x8U8QtDyfBltfe2zG_1cdogoFLEb8ic7fVQnUAAs5KKba9rb8_05TrhBi8B7_dghXX6KBq5FsRbTcoCQbTmPjBZ_0TwOFnjY9CKvgtCEIXnzfCXNJzTErp-eeMyxfvwLde5ZjVY5LUd5pFywJ7nGds1TTUdaknL3nw3wqTqHlxAySZFekkbevSgkiFn-2Eo_dhH5cy-OkCaw103wa7puxKcmF1HWD0BltMflp-PVEPdNWICUVzNfR2HorE67k-emZMA3a78af2qLuvWeG5f7Hpn7tYha_Wk4N7ldYKH-fYK0tu9S5UzKyxQJXryNcxoP3WUCxZ7MSwQF2dZci3l-NhxyQ8VKGsrh0cCjsli6TQOPNbG3qXuhqhpYhs5LR6XV9OL-Bl8Juf41eFfif_2Rv7wLlz-pZLRYJRLS_z3J-Emfz_kELZE4owpQ-7vXD40SmzHl83P3TjGOWhuxO8QLY%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4191647241486880%26output%3Dhtml%26h%3D280%26slotname%3D6384904019%26adk%3D44889110%26adf%3D2185445919%26pi%3Dt.ma~as.6384904019%26w%3D650%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1700174295%26rafmt%3D1%26format%3D650x280%26url%3Dhttps%253A%252F%252Fwwwproxy.uscho.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700174294529%26bpp%3D2%26bdt%3D1194%26idt%3D569%26shv%3Dr20231109%26mjsv%3Dm202311090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C1200x280%252C300x250%252C300x250%252C300x600%252C300x600%252C300x600%26nras%3D1%26correlator%3D2280687409296%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D2044206632.1700174295%26ga_sid%3D1700174295%26ga_hid%3D1637000408%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D475%26ady%3D3180%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079606%252C31078301%252C44807764%252C44808149%252C44808285%252C44809057%252C44809072%252C31061691%252C31061693%26oid%3D2%26pvsid%3D3975831450135493%26tmod%3D577653650%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D8%26uci%3Da!8%26btvi%3D5%26fsb%3D1%26dtd%3D572&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwwwproxy.uscho.com&random=5190365328743&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software
keycdn /
Resource Hash
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
max-age=604800
content-encoding
gzip
content-length
552
content-type
text/html
date
Thu, 16 Nov 2023 22:38:17 GMT
etag
"3a2-5c1ab16b3be00-gzip"
expires
Thu, 23 Nov 2023 22:38:17 GMT
last-modified
Thu, 06 May 2021 15:37:28 GMT
link
<https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server
keycdn
vary
Accept-Encoding
x-accel-version
0.01
x-cache
HIT
x-edge-location
defr
view.aspx
pb.media01.eu/ Frame D543
Redirect Chain
  • https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=56038700178904204444994012510019&t=htlp&gdpr=1&consent=1&gdpr_consent=
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=56038700178904204444994012510019&actionid=879111&produktid=ratenkredit&dt_url=
0
178 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=56038700178904204444994012510019&actionid=879111&produktid=ratenkredit&dt_url=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H2
Server
88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-250-30.clients.your-server.de
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
p3p
policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Thu, 16 Nov 2023 11:38:17 GMT
server
Microsoft-IIS/10.0
access-control-allow-methods
GET,POST
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Thu, 16 Nov 2023 22:38:17 GMT
strict-transport-security
max-age=15768000
x-iplb-instance
40027
content-length
0
proxy-host
pv.medialead.de
attribution-reporting-register-source
{"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server
nginx/1.17.5
host
pv.medialead.de
x-iplb-request-id
B2A2D18C:D2D2_91EFC182:01BB_655699D9_53199A5:1E87B
vary
Origin
content-type
application/javascript
access-control-allow-origin
*
location
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=56038700178904204444994012510019&actionid=879111&produktid=ratenkredit&dt_url=
access-control-expose-headers
X-Request-ID
access-control-allow-credentials
true
keep-alive
timeout=20
e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame D543 		43 B
666 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=56038700178904204444994012510019&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by
Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=8e84cfde40&subid=&uid=cf71f4426aaba54c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvXvm15lWZfPGCNHU6gSF2LmICKblvaBpvZOcp8kP8C4QASDhj_UBYJXSoYKwB8gBCakCSyvHseQ4sj6oAwHIA5sEqgSjAk_QEVPID77Q78eR_spigPTyyhXjIXNli2uUvxvXs9AbVql8f2kmLDNufr1bXfmtv-mLc733UDplZT0aZREdEbnHlbU2p3X0Yt9DsN8lgRldKr1qyH-tRJ7irgfYsG7N-ziod7j1i_Bnulke7Il6jaPx7l8lSK5ibXnkJGyWZK7TiLiKbjhj2mAuFiLhZ2zXG0V0PQzHlx4ksfmPjEws2_NcfKOEQsmgIyhRvhGM8STH1ias60B-bW0D6k-mSj_U1SnOowLCx4cNcysUfHRaigElSuWXffBVRKGTDQOIo4rFmWwNUueczGmrKeHeTvMk0Rxxfvb8x42Lq0ROVXe1dgjRQ0AP4icc6BksROS4zKWiLMxg9DUSj9Z0qjgO_Q-xkeezl8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaN2L9FsvdcBiEFjVnfExtDVPdZbzFlTL6bchHkv6J9tiXv7aAwm0r6I9dEkBEh9hiE9iwSP8T9peWC4CNIMLEX9zrGuqsEt5ndZWAYAQ%26sig%3DAOD64_1CFF4rQMeD-rfA1trzQt1cZZHvZg%26client%3Dca-pub-4191647241486880%26dbm_c%3DAKAmf-AHcI0_4a0Ky2mraMvi71o7l6-xcdp51bO3GIQAYTtV-o5JT4rvZFQv0qGZ6MhbSiFvKlfVZJI5f-ZPuOlrw_jsAK2LL6-6s4t01zPR5BSjaWmducWLIrjCoZA3IThS_3mPVWQH_5B0RcY1JMD7jsNA3tCZxQ3lgtDc4K4ooyyfOLKCH88%26cry%3D1%26dbm_d%3DAKAmf-Dpq060XmH6F_hrPDDV5MOBFjwwa6-68vzUIUdRs-B0ODtO6L1yhphrgmIyrs-7oHXTs7xu0uO8C4ocb7CiYkNYX4kqE1x8U8QtDyfBltfe2zG_1cdogoFLEb8ic7fVQnUAAs5KKba9rb8_05TrhBi8B7_dghXX6KBq5FsRbTcoCQbTmPjBZ_0TwOFnjY9CKvgtCEIXnzfCXNJzTErp-eeMyxfvwLde5ZjVY5LUd5pFywJ7nGds1TTUdaknL3nw3wqTqHlxAySZFekkbevSgkiFn-2Eo_dhH5cy-OkCaw103wa7puxKcmF1HWD0BltMflp-PVEPdNWICUVzNfR2HorE67k-emZMA3a78af2qLuvWeG5f7Hpn7tYha_Wk4N7ldYKH-fYK0tu9S5UzKyxQJXryNcxoP3WUCxZ7MSwQF2dZci3l-NhxyQ8VKGsrh0cCjsli6TQOPNbG3qXuhqhpYhs5LR6XV9OL-Bl8Juf41eFfif_2Rv7wLlz-pZLRYJRLS_z3J-Emfz_kELZE4owpQ-7vXD40SmzHl83P3TjGOWhuxO8QLY%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4191647241486880%26output%3Dhtml%26h%3D280%26slotname%3D6384904019%26adk%3D44889110%26adf%3D2185445919%26pi%3Dt.ma~as.6384904019%26w%3D650%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1700174295%26rafmt%3D1%26format%3D650x280%26url%3Dhttps%253A%252F%252Fwwwproxy.uscho.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700174294529%26bpp%3D2%26bdt%3D1194%26idt%3D569%26shv%3Dr20231109%26mjsv%3Dm202311090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C1200x280%252C300x250%252C300x250%252C300x600%252C300x600%252C300x600%26nras%3D1%26correlator%3D2280687409296%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D2044206632.1700174295%26ga_sid%3D1700174295%26ga_hid%3D1637000408%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D475%26ady%3D3180%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079606%252C31078301%252C44807764%252C44808149%252C44808285%252C44809057%252C44809072%252C31061691%252C31061693%26oid%3D2%26pvsid%3D3975831450135493%26tmod%3D577653650%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D8%26uci%3Da!8%26btvi%3D5%26fsb%3D1%26dtd%3D572&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwwwproxy.uscho.com&random=5190365328743&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
145.239.193.130 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.17.5 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
strict-transport-security
max-age=15768000
attribution-reporting-register-source
{"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server
nginx/1.17.5
host
pv.medialead.de
x-iplb-request-id
B2A2D18C:D2D6_91EFC182:01BB_655699D9_5378341:1A42A
x-iplb-instance
40028
vary
Origin
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
X-Request-ID
access-control-allow-credentials
true
keep-alive
timeout=20
content-length
43
proxy-host
pv.medialead.de
cshow.php
www.awin1.com/ Frame D543 		43 B
704 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=56038700178904204444994012510019&pv=1
Requested by
Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=wmoiqux43uzw&nw=20&renderingType=javascript&namespace=8e84cfde40&subid=&uid=cf71f4426aaba54c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCvXvm15lWZfPGCNHU6gSF2LmICKblvaBpvZOcp8kP8C4QASDhj_UBYJXSoYKwB8gBCakCSyvHseQ4sj6oAwHIA5sEqgSjAk_QEVPID77Q78eR_spigPTyyhXjIXNli2uUvxvXs9AbVql8f2kmLDNufr1bXfmtv-mLc733UDplZT0aZREdEbnHlbU2p3X0Yt9DsN8lgRldKr1qyH-tRJ7irgfYsG7N-ziod7j1i_Bnulke7Il6jaPx7l8lSK5ibXnkJGyWZK7TiLiKbjhj2mAuFiLhZ2zXG0V0PQzHlx4ksfmPjEws2_NcfKOEQsmgIyhRvhGM8STH1ias60B-bW0D6k-mSj_U1SnOowLCx4cNcysUfHRaigElSuWXffBVRKGTDQOIo4rFmWwNUueczGmrKeHeTvMk0Rxxfvb8x42Lq0ROVXe1dgjRQ0AP4icc6BksROS4zKWiLMxg9DUSj9Z0qjgO_Q-xkeezl8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaIMECoOCgzktLEC7rWxArW4sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaN2L9FsvdcBiEFjVnfExtDVPdZbzFlTL6bchHkv6J9tiXv7aAwm0r6I9dEkBEh9hiE9iwSP8T9peWC4CNIMLEX9zrGuqsEt5ndZWAYAQ%26sig%3DAOD64_1CFF4rQMeD-rfA1trzQt1cZZHvZg%26client%3Dca-pub-4191647241486880%26dbm_c%3DAKAmf-AHcI0_4a0Ky2mraMvi71o7l6-xcdp51bO3GIQAYTtV-o5JT4rvZFQv0qGZ6MhbSiFvKlfVZJI5f-ZPuOlrw_jsAK2LL6-6s4t01zPR5BSjaWmducWLIrjCoZA3IThS_3mPVWQH_5B0RcY1JMD7jsNA3tCZxQ3lgtDc4K4ooyyfOLKCH88%26cry%3D1%26dbm_d%3DAKAmf-Dpq060XmH6F_hrPDDV5MOBFjwwa6-68vzUIUdRs-B0ODtO6L1yhphrgmIyrs-7oHXTs7xu0uO8C4ocb7CiYkNYX4kqE1x8U8QtDyfBltfe2zG_1cdogoFLEb8ic7fVQnUAAs5KKba9rb8_05TrhBi8B7_dghXX6KBq5FsRbTcoCQbTmPjBZ_0TwOFnjY9CKvgtCEIXnzfCXNJzTErp-eeMyxfvwLde5ZjVY5LUd5pFywJ7nGds1TTUdaknL3nw3wqTqHlxAySZFekkbevSgkiFn-2Eo_dhH5cy-OkCaw103wa7puxKcmF1HWD0BltMflp-PVEPdNWICUVzNfR2HorE67k-emZMA3a78af2qLuvWeG5f7Hpn7tYha_Wk4N7ldYKH-fYK0tu9S5UzKyxQJXryNcxoP3WUCxZ7MSwQF2dZci3l-NhxyQ8VKGsrh0cCjsli6TQOPNbG3qXuhqhpYhs5LR6XV9OL-Bl8Juf41eFfif_2Rv7wLlz-pZLRYJRLS_z3J-Emfz_kELZE4owpQ-7vXD40SmzHl83P3TjGOWhuxO8QLY%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-4191647241486880%26output%3Dhtml%26h%3D280%26slotname%3D6384904019%26adk%3D44889110%26adf%3D2185445919%26pi%3Dt.ma~as.6384904019%26w%3D650%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1700174295%26rafmt%3D1%26format%3D650x280%26url%3Dhttps%253A%252F%252Fwwwproxy.uscho.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700174294529%26bpp%3D2%26bdt%3D1194%26idt%3D569%26shv%3Dr20231109%26mjsv%3Dm202311090101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C1200x280%252C300x250%252C300x250%252C300x600%252C300x600%252C300x600%26nras%3D1%26correlator%3D2280687409296%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D2044206632.1700174295%26ga_sid%3D1700174295%26ga_hid%3D1637000408%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D475%26ady%3D3180%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079606%252C31078301%252C44807764%252C44808149%252C44808285%252C44809057%252C44809072%252C31061691%252C31061693%26oid%3D2%26pvsid%3D3975831450135493%26tmod%3D577653650%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D8%26uci%3Da!8%26btvi%3D5%26fsb%3D1%26dtd%3D572&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwwwproxy.uscho.com&random=5190365328743&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.56.205.163 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-205-163.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 22:38:17 GMT
Strict-Transport-Security
max-age=86400
Node
Helix
Content-Type
image/gif
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control
no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set
default
Connection
keep-alive
Content-Length
43
Expires
0
B30678728.378094554;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=3430571814;ord=6yce5a;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVotl1plWZbCMMtHU6gSF2LmICP2e0K5z883ttvcR...
ad.doubleclick.net/ddm/adj/N1138786.279382INVITEMEDIAINC.D4/ Frame 6ACA 		79 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adj/N1138786.279382INVITEMEDIAINC.D4/B30678728.378094554;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=3430571814;ord=6yce5a;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVotl1plWZbCMMtHU6gSF2LmICP2e0K5z883ttvcRv8qivcABEAEg4Y_1AWCV0qGCsAegAd_oy7ACyAEJqQJLK8ex5DiyPqgDAcgDmwSqBKICT9CCh-tg2CIzIei1ECK69htaeWDv2ifrdqj6PoRFHh40Z4KvRyJ5tKX7Fnc8mV5TU8d6Kg1LBu72dZPKyGblyufaYZ_XyxlfSqFewkiy-QrN1FoEGGFobQ2gPGdkD39-uMvy-bEo4xrn1kXi6Pe_DFccnLxUJi39a9GECpizAw_ouZ5Ntioa7yfN4Z_iJjBnXaFvpCDY7Z_BCBU0x5OpxKjcaXq2EP7OA3s6Y8VPIY2amz1de7_7dsq8pzbTROHQzj4eZ8VTnJF01v1cnvrz8u37Fz19_09ROBASf1CqdmcLvUY_hBtWXqinwNOuxKdLDEAkfRXiZASE5b9lysv8bTzD3IQdh37h9qCF06G1iQaG7yHBaM0OK24GgybN10ZlgQDABNu_jY69BOAEA4gFv5XJ50yQBgGgBk2AB4mXtM8BqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CREWwE_PRgxXIE6fP1-MD0BMA2BMK2BQB0BUB-BYBgBcB6BcF%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaN8XoIEfLE1Q6V3pqJmkSJ3GtjNO9jDrijuvotMY7_X5e-6p5Uxn8_nOgh4mshg_As4ClZxxEeRoGoVF_lsgk5SRiu09qe8nRPvhgB%26sig%3DAOD64_362ueWta8WAMSa1dLP6pGrRyS4Qg%26client%3Dca-pub-4191647241486880%26dbm_c%3DAKAmf-DMEywtHH1uaJ63962G33QFFhcpZdJPuFr4-Yogn4ijwNw0HrdGPMAJU31AZQiwF7pPMxcVnG7O_w8dz29sS-yelv5nz60oe5z62ZqMOb99oHIbEbIPu9yaS-A_CmB_LAeNjOgWd9JbXR5Tf-_ckWg5A8G_nDKFRIUz4TVFLJ6bqCLGHHK1PgbC0b6ZmpULy4w4WL1V_V4zHSvMqyape3rWIzopmA%26cry%3D1%26dbm_d%3DAKAmf-CsWh073Mp-kSQRRHzOxzuPJfoyN-fEzabEVY0mc7-qSojqbZryCyGORghj6dUXCOdtpwhP7EgOcUBujYp8yIynXMbIVZH34mxpzU4Un_SHo1dt8_361QtRum6ukUZ-Juv5FLsfLn-VNp4JTRrAWqyz0TomMYpcEvxaB6ePs4bA9LKM47CIBtrBuXXWw2y-IcpX5pQ7fAPATxgnbUE9ft5R7SwOzSpkQxEt6FHq5Gctz3TjaTM9aK621i-EF0xvZN9i3EyZK7h1_AnRKo1GafUfR0KUDJXEvCiBRXCpjsr2_RbDSD1F1GIOurRggtWS4hHC0wY_M0oVxf2n3XZwLHEs4XOLVjNi3f1sw8IY1bQnmViichqCdRm6rpJI6gWI0fWq5ttbyzUWWGtxYU15annDyHxeD0KzF8nWMxbNnSGRdaNBJkkAWvrxBXPp7V60yc8EaQUUIHa5gD9v_6LRQ6K2FfEz2SytS6yKOanXwbvCqRUQqp9E1cB4q0DkkoTnhnDgSH48ffyua2bx81zzUHkamK88JfSLal7Lob4e6bWelC7lUbhMsriewkJQtvpS1LCTdxq8cQx-43pj9hBY5zqbhRIE-A%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=2,https%3A%2F%2Fwwwproxy.uscho.com$2,https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-0-%26adk%3D1812271801%26client%3Dca-pub-4191647241486880%26fa%3D1%26ifi%3D12%26uci%3Da!c%26btvi%3D6$0;xdt=1;crlt=-Ghck0dXED;stc=1;chaa=1;sttr=253;prcl=s
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v99.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f6.1e100.net
Software
cafe /
Resource Hash
5fc9bf0931aff1665e74a8a55a21624d002ad118bb72a5b6800d7aa2936982e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33146
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 2CE1 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsssi_GRduVAEkV_i_nC81Z48Bcke14TncU6_DO04ksHRtnWwJ_gOoO6qg2axQpJrTi0-_5OrqAog4jFnnQihjT90VtLfFkaxnENankACooL17XuE8FqaswUzWzRW3QaIVPFNvWCHY6WRYQ9DX4Hg-b8B3X4oN9XYcScr7G1bOWGdTBGNWTiBI-fKqevJuR9Tuc-beeDatdwonMPHe8WMDEjYYd8_poozwS6nY-tGkk3dtmSubEjsESLHVGmjiLnTaftFeJjPa-9YsMP6L0McRbPsl9LYNVf8uN8DvudJklkp4VlQGuynFKQ0BmmC5TM-7DT-l3Kv_9KqhjHe-EpFFa61GDY3K8n6IlYBmYqKt3wTPwVHG4C3StX7jHJBkS0Fc5FC0gRnX-1nPqARlcOjlHsdNyWPoceiUstp6QHW1lasutxJ3mYwKl8fYXsoK4nVOasrkCc2GMD0J9LzMGvW0wIgm5NqUzLS1RtEHPQAw8ZeW2_Nks9_FOHBNOv1c4QmhA5JfQ-ZZhJ5SGQWIvLE6yKfuyTCmR_9fyqm0SmoARsf401lv9plnZVZ_XY_Lic69To2rsDrFRMrXt_a5L-Cj27N7umHtEdG5zPLCBbqe3xy_wBhMbhV6weThujFOE-qZFdsp50cCP_n7K1e8jaYM_6A_YgSah2zoO24tv9evM2WGhcuqsrGrRIlqhLGFY21UrGuPQJ_NfSO8_5rYBNOA3UYKtl_4HUjGn2f4m-OPfsLZalOn5KakEW1zsA7cel70Vmv4q7SqHYFYE9NbzzqWdjF2aaSF9ACf4MR1sBx7b2gkIMrzKLhMZwSf-PPsvPxwR4oWUz0cNrdoc4ZMOqebdoEFBmYuNtCTrvlUECdyTvwNrTmFiw7AZMT2U5W5h1JcB8wWTjmryfxUZgWYVG2--xFGZz2zGq3WZiv9EzURoJwODAaI2ePfGFFof6knTYpW5EXDXFC9-rUg0Gb097kNtNupYuBfHrE5GHC27-9WOFv93KesuMaV9CmC0sQXXucfExv2puEPi3q5IDVBkpZPn0CPZq0vypZnEgWgpR5cSWouDokVjloficFyVlVzG7xoXf6RgUGrmajncMwZAleC6QYRJSCu7QIyCMBsKFMKw6-IW0I1-D-bayLYESGlAv5HSdaz3fHtk60XZbn_Y07XD-xvYO2VWetNwGM2UKxHF56wrEVzZwbbw-i8O2AX34Oz_y_zy_e93-OiB7Rpid6OAMzx10yWInjGViLLowmGlqh_koKiXPEB4EXEsf6Tc9pWrXOQ0bTLTxYdAbv3a-BVFvFCZ_DjfFVlrsp-Za_E_D0g83wvjMmHRByktucfnO0jmMQt6x9Whc4DmcAHlCz4fESopR4fpdMd_3FukFhvnUD21Yv6s-Xe5n01wc1LFhaRLYmLtYW4Zzmi4Odqwhtqla7x4eaIBO42jCxFmIt7mdCCosYmc5IYPsB1IdalbOg6FNBWCmPwrbRjXjvaSuiCE&sai=AMfl-YQ9sPjhxFpRZt6BlGz4OKO_TCQiKJEahUE7YwJAw4FZSXOf8d24jmGQBoo73Hs-ucQl9awq7JEWNcM8_1VI_9BHIJE9hnWxQdvKS0N7774Gj8yH5BJdpJRUPpebway55P-kMEE2ipUFOi3_TStEQjQzekyZR6TLn5t0YFEIIsgxjQQJsxAnbiYMRQ7bRQeavY28jovtTTUqX2FZee3VSFRCVD91Rz8pWm68_JEnPWM-k9dQJlK3SSC8335MX4TpqqXv5NPC1G8jPoj4BlhwabFDgJeNIVjTislWfsH_XJm1RxTcqZYIuvPiQ5PmjA&sig=Cg0ArKJSzJm7LUoZrRhbEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=821&vt=11&dtpt=389&dett=3&cstd=430&cisv=r20231109.42297&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 741D 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:01:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
16633
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 18:01:04 GMT
cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 9173 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4331440/cta_jetzt_buchen.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:27:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
645
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1056
x-xss-protection
0
last-modified
Wed, 13 Oct 2021 09:19:56 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:42:32 GMT
logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 9173 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:27:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
645
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1288
x-xss-protection
0
last-modified
Thu, 21 Oct 2021 13:24:58 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:42:32 GMT
head2_3line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 9173 		11 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4453672/head2_3line_paare.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba9e143db781b645a27217f7205e9b2e51ba525c0458ad50e3868d695cc27fa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:26:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
721
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3285
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 09:12:20 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:41:16 GMT
head1_1line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 9173 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4453672/head1_1line_paare.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f859c54c2abc8c5257845d36ebb1152e3eb5c555b9b78420cca3a626ecabc9d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:36:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
126
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1610
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 09:12:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:51:11 GMT
tui_logo_live_happy.svg
s0.2mdn.net/creatives/assets/4364511/ Frame 9173 		6 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4364511/tui_logo_live_happy.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:27:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
646
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2072
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 07:44:21 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:42:31 GMT
300x600_kv_paar.jpg
s0.2mdn.net/creatives/assets/4453672/ Frame 9173 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4453672/300x600_kv_paar.jpg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fec1d82b204775d2e2ff9fae80da6c932e9a5dbf9fea4e4e9bdfdf48e5dc2eeb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:31:12 GMT
x-content-type-options
nosniff
age
425
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38190
x-xss-protection
0
last-modified
Fri, 11 Feb 2022 09:52:01 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:46:12 GMT
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame 766E 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:01:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
16633
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 18:01:04 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame C168 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstw3cBGgjAbwKBcE_BnueMUGMRqIRa39duZpxY7hUOcXZZvix766s2redPd9Ur_AMC2P1u4wvQ5MN0i7_WpYOjxHTy5hLPFU96KfcsDM7QgDd2SiPsBIN7V_kcUBiUIi68FaOD2qo0JYBY1xw9KXHI4O5PdLEyOSjUQRHB1SbmcfrcPIdLa1xzJvp_tFuDzSQD7BOUZGXZvXmyntjiBLjcw89Vb2iKB0unp73Bp8EvCJ3g0akChOClCdT4JmLfBJ9X-wInRt2SVJsiVAYZqVkZph3NflgZb6WcUeM9D-VpyDJxYacw24ga6q13tcOZ-NLcesf1-Ga_5dMicpDcAd_4CU-jG0bIXAeyiLLCrAiIhDsuvWr0TTX6QkVz3oZVS7OR6dVBKCYqdfcy7atWjirzYWin1NhESo4ZdCtLBAUP10ZwPJ1gIe-0QgrVe9zvMd9dWqGs0lDab8mUkBWuhHsCftBrpVwbDOK4sHzY-6tp3QLTUXwsz943UDpsSxB3RgfgIrYBe5x1AY9R_qmieqrXRPRDZKMap5Wt-yro0w4keqm116UP6WxVaQiCoNWs8W1leroMT8WqOCRXATnILJG3s-MsET4G8zODeSxmcv8Met86g3X3ttg8RQqRvTUEEZxJyfL2VetZkPC92-xojeJgbGKi7tNkcNqrgIQPZTj_Rj-LP9QTWWOGnqo-RvigDld1vpzBhVUOkEIOi1Gh2ue3o9lKJd-PuBmnRFI40PsPCgXQ1tSgYG5nnz7sYjb7gILl-Qp6DzhvSXvl5deNZfojcgGMaDdaKUKWkY8a7jRGvjvG9cH0wSjozuPoq1ZH5WF2NnID6noNqZ67fVVtcXz0_rj1b5tafI85PYpy5KiaBtGAD3e6455-1U9BKRDmzKV19bgBkoVW_94w8Kzv6IV-3fck-wMgw8OrgPvMhIk1u414Jos2a2g58RMbvMzLGgZnNIu1IT0e_jCSy3dvmspFXaX-acfVhXcvo546ME2CxcwPOjuhAQaZF5eDP0es0PbLf7OJESdB4ggnWGRh24Fc2KCjsA-S3Z7FFraGPe08aAwezxy2RM-ROYGaIQic5GUnllsnNNtwbhwQ1X0-wht3n1ErzuP0hp4PCvj_hWgZsEI7Rw3YUyfONP2cIymuxaxkAKhkYktW2blsXc6c8rxNcPXcvZheoX3-g7gPdeUADY4rfzbMsoIf1RlLkrNS6oK4WrPln3z1PI7i14SWoXKG0fn6zA_OwtGPFAJXVAODiMBrw87hmWESQDZbTUXQ_cjwhUP2B4CYwIO6ngG1Q9fEILo6YKrP4vjQ-zMMxbdg9uf429yC7tThlK0GsHEHMVXsmpZwssE0iRgZ7Avgz3_rBoWE4_n6z89Jr59TR7uQJrqeFaA8SOjRbz_RDwPEa8x3vLDBPyLvbn5qzv8oIy0DqwqITIIWWrFfF5R3MAPL7YoK9C3NLwrmnw5PFi-66jEEoa21JQd-H&sai=AMfl-YQ-zHssVzfRfFbGHUUQuqJNGavT9b9iU6M6kyCCPlwllxmiyh2h2rmux9pOka5Y1RHs202Ue5yL94GIvc7gemepeE_6Xf-bnBRX4qZ0OKsKv9gpZy5e55DcJkYsZXwQyExjiw2W3mB1f3ebBBnK1mv6BOfk57jvwWzjk5OrN8FKbbMLBK6jMMdEjGKPJ-5ga1TQc5KweHWjPnpugBH8i_9YnRmxX4-b45_J2JtzQq9Vi0_55JFJoYAFk-9ZxuV306AvtcQU7n9Qq0ZI6Gzrv19aRwk0G-aFy8veqq_NvWv5K_cjD674aGrPCK83LkGgfA&sig=Cg0ArKJSzAX-1YMTLNeOEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=804&vt=11&dtpt=342&dett=3&cstd=461&cisv=r20231109.64322&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
htlp
futalis.de/ Frame DDAE
Redirect Chain
  • https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=54424000164569404444554012510003&ra_cnt_active=1&ra_cnt=1
  • https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3310263989
350 B
401 B 		Document
General
Check archive.org
Download Go to
Full URL
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3310263989
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
lb-1.futalis.de
Software
/
Resource Hash
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
350
content-type
text/html; charset=utf-8

Redirect headers

content-length
0
content-type
text/html; charset=utf-8
date
Thu, 16 Nov 2023 22:38:17 GMT
location
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3310263989
p3p
policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server
Apache
xphp81
true
view.aspx
pb.media01.eu/ Frame 2379
Redirect Chain
  • https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=54424000164569404444554012510003&t=htlp&gdpr=1&consent=1&gdpr_consent=
  • https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=655699d997345f2ebe36eb1e&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=
0
89 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=655699d997345f2ebe36eb1e&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-250-30.clients.your-server.de
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods
GET,POST
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 22:38:17 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Thu, 16 Nov 2023 11:38:17 GMT
p3p
policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma
no-cache
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
access-control-expose-headers
X-Request-ID
attribution-reporting-register-source
{"source_event_id":"25200521800103636","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length
0
content-type
application/javascript
date
Thu, 16 Nov 2023 22:38:17 GMT
host
pv.medialead.de
keep-alive
timeout=20
location
https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=655699d997345f2ebe36eb1e&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=
proxy-host
pv.medialead.de
server
nginx/1.17.5
strict-transport-security
max-age=15768000
vary
Origin
x-iplb-instance
40028
x-iplb-request-id
B2A2D18C:D2D4_91EFC182:01BB_655699D9_537BB0B:1A42B
view.aspx
www.media01.eu/ Frame 62F5
Redirect Chain
  • https://www.awin1.com/cshow.php?s=2840007&v=20646&q=409071&r=296283&pref1=54424000164569404444554012510003&pv=1
  • https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1700174297_d5e60670-84d0-11ee-819e-22341370d01f&d...
0
904 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1700174297_d5e60670-84d0-11ee-819e-22341370d01f&dt_mode=iframe&dt_url=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.10.231.200 Fellbach, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
85-10-231-200.clients.your-server.de
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods
GET,POST
access-control-allow-origin
*
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 22:38:16 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Thu, 16 Nov 2023 11:38:16 GMT
p3p
policyref="http://www.media01.eu/www.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma
no-cache
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
x-xss-protection
1; mode=block

Redirect headers

Awin-Akamai-Rule-Set
default
Connection
keep-alive
Content-Length
0
Date
Thu, 16 Nov 2023 22:38:17 GMT
Location
https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1700174297_d5e60670-84d0-11ee-819e-22341370d01f&dt_mode=iframe&dt_url=
Node
Helix
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Strict-Transport-Security
max-age=86400
request_content.php
hal90003.redintelligence.net/ Frame B6D5 		7 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hal90003.redintelligence.net/request_content.php?s=54424000164569404444554012510003&a=d0dc5e74
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.117 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.117.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
2c77478156f15ac11098078acdfece91f6f64c832dc28a5b9bb96df485e64337

Request headers

Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Encoding
gzip
Content-Length
2043
Content-Type
text/html; charset=utf-8
Date
Thu, 16 Nov 2023 22:38:17 GMT
Expires
Thu, 16 Nov 2023 22:38:17 +0100
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 73DE 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4331440/cta_jetzt_buchen.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:27:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
645
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1056
x-xss-protection
0
last-modified
Wed, 13 Oct 2021 09:19:56 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:42:32 GMT
logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 73DE 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:27:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
645
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1288
x-xss-protection
0
last-modified
Thu, 21 Oct 2021 13:24:58 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:42:32 GMT
head2_3line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 73DE 		11 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4453672/head2_3line_paare.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba9e143db781b645a27217f7205e9b2e51ba525c0458ad50e3868d695cc27fa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:26:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
721
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3285
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 09:12:20 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:41:16 GMT
head1_1line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 73DE 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4453672/head1_1line_paare.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f859c54c2abc8c5257845d36ebb1152e3eb5c555b9b78420cca3a626ecabc9d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:36:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
126
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1610
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 09:12:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:51:11 GMT
tui_logo_live_happy.svg
s0.2mdn.net/creatives/assets/4364511/ Frame 73DE 		6 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4364511/tui_logo_live_happy.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:27:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
646
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2072
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 07:44:21 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:42:31 GMT
300x600_kv_paar.jpg
s0.2mdn.net/creatives/assets/4453672/ Frame 73DE 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4453672/300x600_kv_paar.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fec1d82b204775d2e2ff9fae80da6c932e9a5dbf9fea4e4e9bdfdf48e5dc2eeb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:31:12 GMT
x-content-type-options
nosniff
age
425
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38190
x-xss-protection
0
last-modified
Fri, 11 Feb 2022 09:52:01 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:46:12 GMT
gtm.js
www.googletagmanager.com/ Frame A985 		174 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF
Requested by
Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
50f0a9707b62fd19050b9d2029c3d33ca34e506bf476ad1a877018ad1b159e2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://adv.office-partner.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63899
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 21:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 16 Nov 2023 22:38:17 GMT
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame 6ACA 		111 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 06:30:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58086
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 17 Nov 2023 06:30:11 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 6ACA 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1138786.279382INVITEMEDIAINC.D4/B30678728.378094554;dc_ver=99.292;sz=728x90;u_sd=1;dc_adk=3430571814;ord=6yce5a;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVotl1plWZbCMMtHU6gSF2LmICP2e0K5z883ttvcRv8qivcABEAEg4Y_1AWCV0qGCsAegAd_oy7ACyAEJqQJLK8ex5DiyPqgDAcgDmwSqBKICT9CCh-tg2CIzIei1ECK69htaeWDv2ifrdqj6PoRFHh40Z4KvRyJ5tKX7Fnc8mV5TU8d6Kg1LBu72dZPKyGblyufaYZ_XyxlfSqFewkiy-QrN1FoEGGFobQ2gPGdkD39-uMvy-bEo4xrn1kXi6Pe_DFccnLxUJi39a9GECpizAw_ouZ5Ntioa7yfN4Z_iJjBnXaFvpCDY7Z_BCBU0x5OpxKjcaXq2EP7OA3s6Y8VPIY2amz1de7_7dsq8pzbTROHQzj4eZ8VTnJF01v1cnvrz8u37Fz19_09ROBASf1CqdmcLvUY_hBtWXqinwNOuxKdLDEAkfRXiZASE5b9lysv8bTzD3IQdh37h9qCF06G1iQaG7yHBaM0OK24GgybN10ZlgQDABNu_jY69BOAEA4gFv5XJ50yQBgGgBk2AB4mXtM8BqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CREWwE_PRgxXIE6fP1-MD0BMA2BMK2BQB0BUB-BYBgBcB6BcF%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaN8XoIEfLE1Q6V3pqJmkSJ3GtjNO9jDrijuvotMY7_X5e-6p5Uxn8_nOgh4mshg_As4ClZxxEeRoGoVF_lsgk5SRiu09qe8nRPvhgB%26sig%3DAOD64_362ueWta8WAMSa1dLP6pGrRyS4Qg%26client%3Dca-pub-4191647241486880%26dbm_c%3DAKAmf-DMEywtHH1uaJ63962G33QFFhcpZdJPuFr4-Yogn4ijwNw0HrdGPMAJU31AZQiwF7pPMxcVnG7O_w8dz29sS-yelv5nz60oe5z62ZqMOb99oHIbEbIPu9yaS-A_CmB_LAeNjOgWd9JbXR5Tf-_ckWg5A8G_nDKFRIUz4TVFLJ6bqCLGHHK1PgbC0b6ZmpULy4w4WL1V_V4zHSvMqyape3rWIzopmA%26cry%3D1%26dbm_d%3DAKAmf-CsWh073Mp-kSQRRHzOxzuPJfoyN-fEzabEVY0mc7-qSojqbZryCyGORghj6dUXCOdtpwhP7EgOcUBujYp8yIynXMbIVZH34mxpzU4Un_SHo1dt8_361QtRum6ukUZ-Juv5FLsfLn-VNp4JTRrAWqyz0TomMYpcEvxaB6ePs4bA9LKM47CIBtrBuXXWw2y-IcpX5pQ7fAPATxgnbUE9ft5R7SwOzSpkQxEt6FHq5Gctz3TjaTM9aK621i-EF0xvZN9i3EyZK7h1_AnRKo1GafUfR0KUDJXEvCiBRXCpjsr2_RbDSD1F1GIOurRggtWS4hHC0wY_M0oVxf2n3XZwLHEs4XOLVjNi3f1sw8IY1bQnmViichqCdRm6rpJI6gWI0fWq5ttbyzUWWGtxYU15annDyHxeD0KzF8nWMxbNnSGRdaNBJkkAWvrxBXPp7V60yc8EaQUUIHa5gD9v_6LRQ6K2FfEz2SytS6yKOanXwbvCqRUQqp9E1cB4q0DkkoTnhnDgSH48ffyua2bx81zzUHkamK88JfSLal7Lob4e6bWelC7lUbhMsriewkJQtvpS1LCTdxq8cQx-43pj9hBY5zqbhRIE-A%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.;dc_rfl=2,https%3A%2F%2Fwwwproxy.uscho.com$2,https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-0-%26adk%3D1812271801%26client%3Dca-pub-4191647241486880%26fa%3D1%26ifi%3D12%26uci%3Da!c%26btvi%3D6$0;xdt=1;crlt=-Ghck0dXED;stc=1;chaa=1;sttr=253;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 02:35:01 GMT
content-encoding
br
x-content-type-options
nosniff
age
72196
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
17947678125179771625
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 30 Nov 2023 02:35:01 GMT
63c51e1aeaeb06ed73452eca
measure.lamp.avct.cloud/measure/ Frame 6ACA 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://measure.lamp.avct.cloud/measure/63c51e1aeaeb06ed73452eca?mid=651e6b2507e337ed959d3bc2&mt=1&d=wwwproxy.uscho.com&c=0&r=0&evid=517d65fe-74a0-462d-97cb-851a70db7f56&vmet=IntersectionObserver&seq=0&sev=start&sst=2023-11-16T22:38:17.220Z&h=90&w=728&sh=1200&sw=1600&sah=1200&saw=1600&vsum=0,0,0,0,0,0,0,0,0,0,0&vmax=0,0,0,0,0,0,0,0,0,0,0&trk=false&tid=651e782707e337ed959d3bc4-1-19&cp_lineItemId=20618300095&cp_creativeId=523603354&cp_extSellerId=1&cp_extPublisherId=1&cp_extSiteId=888059656&cp_dspId=dv360&vts=
Requested by
Host: cdn.lamp.avct.cloud
URL: https://cdn.lamp.avct.cloud/attn.js?mt=displayBanner&aid=63c51e1aeaeb06ed73452eca&mid=651e6b2507e337ed959d3bc2&tid=651e782707e337ed959d3bc4-1-19&cp_lineItemId=20618300095&cp_creativeId=523603354&cp_extSellerId=1&cp_extPublisherId=1&cp_extSiteId=888059656&a=&cp_dspId=dv360&api_frameworks=[APIFRAMEWORKS]
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.17.171.231 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-171-231.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
content-length
0
truncated
/ Frame 6ACA 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c41b696bdffa7defcd2a2c1e57a70a56246ee493f7e527898c701cd5dd462362

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame D397 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
910079f377a7272f5d84d5ff023684003801a9aaa413f55892b0fb5f3bdb2bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame D51A 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:01:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
16633
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 18:01:04 GMT
dt
dt.adsafeprotected.com/ Frame B338 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=8fda29e4-8b7b-9a3b-8529-f9099e249d77&tv=%7Bc:ub0IUF,pingTime:-10,time:813,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjE1OSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1700174297305%7C%7C482796b88de8bea442a5935e94c6171a%7C%7C1b7de7e82db1163ab7a1342e5def95a8%7C%7Ced282235ab6bf81bd2e43af91c8d1416%7C%7Ce7b3cf40cd46c2d9755fd8532f9bfd00%7C%7C8e3fb72caccd3113b1b4ab7bfc68fe08%7C%7C6f3fd42ff1e332634150520477449d74%7C%7Cd6fff7f3a9477b7f28869586ae1dd585%7C%7C1663701684%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
server
nginx
x-server-name
dt31.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8AEC 		0
24 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BkeaW1plWZZbcO-Kp78EPxJ2IyAkAAAAAOAHgBAI&bg=!ExClEF_NAAZxrfrxUa07ADQBe5WfOIa7oDeFLn3Dv2qJVTx-jvrGagMwWIEBzVOYnwJoYGRR9oJCsiRMZPWbsnwau762AgAAAm5SAAAAAmgBBwoAfTjWtYppjWbSkNprxRSi_nitcoNWWN9K7l7ghv10h_drq47NRze2ZgEjOC7wCdJEMvU1L87-n9qPrRNoOPrPfAeUt5O4cVt28hPfvzZwzoZu7GpR3RxN6_nyUAM013x2HIKh1Vnedu5EXhOuYB6_-SY9ClBPnZOonFNo_VUkmQL1YBxo_vo6s6n08VoCKsdaiCsRUloeILeEVrGVwUoc6dWZF8WbaGQkKrUlK4mY4DylsYOv1z1YTTZTcRbahfzqCg-9fkfA92xM99fqYA8krKx0_ddimGq8Bqdlc05uJCnQ8vfRO8RAEYjzoJF2tgTH51391yOSbtYzK2B-EpruWqgZV2bfy0tWza2AVBUuWALIUnHfospfYiKK5of_RNPwUp5cDdy3ikMmo-6287IqNRYYMWVyJ18JvuUi0RIdg9TcvTiISGP-V_Hyr7LqFvQXwSudB3HjKfFan6dLlhDu3tuzOGXWRLuLaOi5HzutefKvGktwhGvxL3VBN1f4HoqfIsur6yHEL57HIj7Kqoz5EJtLdMqT3VzsbliFn_LHxZG2nMiIRroGVyj4jSLyCV0pCj4fU_VAJWoZNUjmDJPNR5Zpc60DTWZ85z5kpyV6-ohHVHWEOjAjtoIEYfls6ggzUiDbtoj9fspL7x68tqX03CuRRLaLFh50Y03F-PvRFd7Ccpimxng-GpgJ_M-03pJlrCvAVIcn9wMBk7AUkgF3e-jyoCikI4oYiWfeb3gzua-2dUiiKl7Wb1Nf5VvtdG_j5rpgLownVBLUSjOMuIVb5ZPMN5zqT-yC_rc5MddCgJylXcR4y0uocOwQ2QDGnYyKhyLDNW0dR6J9sUelezbZ8pvPup4tFKE2kRTGQLRF0Jr-PzM0TRMs9oaYVclJRlj3kftKP0-ZQR-cF3tTQBoTscPRp3OtYzOSD6mxo2KOD4AvmdbiaA1JsFj436EQ4QGBopI95AmgAgfnMU70OttUwM4aNf7SbtJgx6PsCb2Yr7zEo6j6MGcNF4mu2p-d1ZCiuRMUXJJO_juzVT6rFYMarDy_biFWi3MJ0HHc9jq6eBJvVaWVNy2k49GiOJoTxZpfymO63RNBn7GFzQ7KXOciO3GK7BHgwHgBXxDepvHyyCD1lcnc02CxiVRqxfUmrNSi6_wKPk-W4qicr-kSJ7WbHhgRJNmY2Q
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ Frame B6D5 		5 KB
682 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Requested by
Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=54424000164569404444554012510003&a=d0dc5e74
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90003.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 Nov 2023 22:38:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 22:37:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Nov 2023 22:38:17 GMT
/
hal9000.redintelligence.net/scale/ Frame B6D5 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by
Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=54424000164569404444554012510003&a=d0dc5e74
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.38.64.201.138.clients.your-server.de
Software
Apache /
Resource Hash
86597384cc5015799346280854ac0cbcd10b66ff0878706ca7410028001cf5c4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90003.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:17 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
9491
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame B6D5 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/50502/creativesup/Fyrst-1200x627.jpg
Requested by
Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=54424000164569404444554012510003&a=d0dc5e74
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.38.64.201.138.clients.your-server.de
Software
Apache /
Resource Hash
a0bd5478392a74f3bfd936ca404370cd3e79a9a884af8fe4c5e1bcdd3e36fbc8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90003.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:17 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
10048
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame B6D5 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/59568/creativesup/Laubblaeser_1200x627_BIS.jpg
Requested by
Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=54424000164569404444554012510003&a=d0dc5e74
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.38.64.201.138.clients.your-server.de
Software
Apache /
Resource Hash
9d98b000d5293c69799dab34945896eabb8f649e753ada76af1de481ea037ead

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90003.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:17 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
12379
Vary
Accept-Encoding
Content-Type
image/png
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame CC0B 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
28412
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 14:44:45 GMT
expires
Fri, 15 Nov 2024 14:44:45 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ts.js
cdn.retailads.net/ Frame DDAE 		5 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.retailads.net/ts.js
Requested by
Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3310263989
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://futalis.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
last-modified
Wed, 05 Apr 2023 20:14:46 GMT
server
Apache
etag
"1416-5f89c717cdc2f"
content-type
application/javascript
xphp81
true
accept-ranges
bytes
content-length
5142
link.html
track.webgains.com/ Frame D543 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=56038700178904204444994012510019&nw=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.132.222.111 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-132-222-111.eu-west-2.compute.amazonaws.com
Software
nginx / PHP/7.4.26
Resource Hash
cee45c6177a57358621d1a5875e1394d4a89de5b9853e73c8f9d16f9b0a9b590

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
last-modified
Thu, 16 Nov 2023 22:38:17 GMT
server
nginx
x-powered-by
PHP/7.4.26
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=60
access-control-allow-headers
Authorization
expires
Thu, 16 Nov 2023 22:39:17 GMT
request_content.php
hal900019.redintelligence.net/ Frame 9BF2 		7 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hal900019.redintelligence.net/request_content.php?s=56038700178904204444994012510019&a=c2348f97
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.238.90.46.78.clients.your-server.de
Software
Apache /
Resource Hash
2def11179e29dc85ebb722bfd4a6c962701ad38ae298dcb5650c36c98df3266c

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Encoding
gzip
Content-Length
2105
Content-Type
text/html; charset=utf-8
Date
Thu, 16 Nov 2023 22:38:17 GMT
Expires
Thu, 16 Nov 2023 22:38:17 +0100
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
truncated
/ Frame D543 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7b5a341a6a735758668fd143aa206c128530868e441910cbdcfcbd4cd751902e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 5EAC 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4331440/cta_jetzt_buchen.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:27:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
645
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1056
x-xss-protection
0
last-modified
Wed, 13 Oct 2021 09:19:56 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:42:32 GMT
logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 5EAC 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:27:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
645
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1288
x-xss-protection
0
last-modified
Thu, 21 Oct 2021 13:24:58 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:42:32 GMT
head2_3line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 5EAC 		11 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4453672/head2_3line_paare.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba9e143db781b645a27217f7205e9b2e51ba525c0458ad50e3868d695cc27fa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:26:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
721
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3285
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 09:12:20 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:41:16 GMT
head1_1line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 5EAC 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4453672/head1_1line_paare.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f859c54c2abc8c5257845d36ebb1152e3eb5c555b9b78420cca3a626ecabc9d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:36:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
126
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1610
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 09:12:24 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:51:11 GMT
tui_logo_live_happy.svg
s0.2mdn.net/creatives/assets/4364511/ Frame 5EAC 		6 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4364511/tui_logo_live_happy.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:27:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
646
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2072
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 07:44:21 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:42:31 GMT
300x600_kv_paar.jpg
s0.2mdn.net/creatives/assets/4453672/ Frame 5EAC 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4453672/300x600_kv_paar.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fec1d82b204775d2e2ff9fae80da6c932e9a5dbf9fea4e4e9bdfdf48e5dc2eeb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17425118478164857034/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:31:12 GMT
x-content-type-options
nosniff
age
425
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38190
x-xss-protection
0
last-modified
Fri, 11 Feb 2022 09:52:01 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:46:12 GMT
css
fonts.googleapis.com/ Frame 9BF2 		5 KB
682 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Requested by
Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=56038700178904204444994012510019&a=c2348f97
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900019.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 Nov 2023 22:38:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 20:46:15 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Nov 2023 22:38:17 GMT
/
hal9000.redintelligence.net/scale/ Frame 9BF2 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by
Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=56038700178904204444994012510019&a=c2348f97
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.38.64.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e8adbd64f6362d073f8cb1b430df715a3fb45e26c7bb3a2e6ffc87a76a8e874c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900019.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:17 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
16985
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame 9BF2 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by
Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=56038700178904204444994012510019&a=c2348f97
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.38.64.201.138.clients.your-server.de
Software
Apache /
Resource Hash
61487d110e8cf774265c3ea19a8e7936548afe1ddcef7a2cc5793f20626644d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900019.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:17 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
16514
Vary
Accept-Encoding
Content-Type
image/png
/
hal9000.redintelligence.net/scale/ Frame 9BF2 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by
Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=56038700178904204444994012510019&a=c2348f97
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.38.64.201.138.clients.your-server.de
Software
Apache /
Resource Hash
2c4cc72d9db45aba624ba26e1cd0cb1c031fddc042884e71182a985a5b061c7f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900019.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:17 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
10940
Vary
Accept-Encoding
Content-Type
image/png
activeview
pagead2.googlesyndication.com/pcs/ Frame F37B 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvKnjo9YsqNKpLTPTq0lZzrtFT0ZaCvUqq39d-ff8XMaPHFQXsNra5TIBZ97oJi42amPCCfNnp-4pIObzaHrWZQUbTXDFpZZoPuH5nQ2Ve0D24KwGUH02OKqU_Ga3j1L2Ii7vMjMX0pu_MP&sai=AMfl-YQge0bBkDkqiry5JRpv0JxbDt0OYa36YhDFZ7o3q6jXMNLXO4X_LD-SynsBQrL1GCg8PFFeKpMcCI9wmN-4rs-Cemzv6qtxRd4nFxCdvt1vKAeQDBYPAekB3wCA7B4V9tQyNUZXyu5CdDL5XhGu&sig=Cg0ArKJSzGovIndv01U7EAE&cid=CAQSTgDICaaNZPTjjILItiRqJB2zeKjfKwbRFudP220Z7Sbs2YkoCkmDX2DKW11C2ZHw62lyFPGH_x5RGs0MRPlWO5aDh__dSATT7RykUcmN0xgB&id=lidar2&mcvt=1061&p=0,0,280,1200&mtos=1061,1061,1061,1061,1061&tos=1061,0,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1035218292&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700174294820&rpt=1596&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
index.html
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 070F 		6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
abdeff3f6b80e43233abe7678ac77ae09b4e04abbc10ad9cae8f472b8c12d151
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
560243
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2089
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Fri, 10 Nov 2023 11:00:54 GMT
expires
Sat, 09 Nov 2024 11:00:54 GMT
last-modified
Thu, 28 Sep 2023 06:01:07 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 6ACA 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsskhEhR1t9Tm4wtIL6QByGepI0vmPyk6xs5kSZEcFh8BjM4iShqkOK0M2IGB0kcNIaRE6-8eHvaOdKMhgJ2fkL8540plHRpASexNKXSDGEhianRBBVddP_3454oCHo9nHaB7JT9cEyYkyTqcdDASgctWEmIUKxmW7YU0tGyHtXnUw&sai=AMfl-YQ4Wg7p0IW1Tn8Sz0hSxE1Kk6Knrew8pGKkO-_BuEdO5aSakCi8szlEMVrQa-YhvLZKd1NKY9GI2LLDaEaWCb4OeciFadXE97mvWw&sig=Cg0ArKJSzLyzNTWVlZkMEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=330&cbvp=1&cstd=329&cisv=r20231109.17114&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
viewability
hal90003.redintelligence.net/ Frame B6D5 		0
150 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal90003.redintelligence.net/viewability?s=54424000164569404444554012510003&a=97cf35bf&vb=m
Requested by
Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=54424000164569404444554012510003&a=d0dc5e74
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.117 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.117.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal90003.redintelligence.net/request_content.php?s=54424000164569404444554012510003&a=d0dc5e74
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:17 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
gen_204
pagead2.googlesyndication.com/pagead/ Frame 579A 		0
24 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B0KLv15lWZcHXA7jG9u8PjeaNqAgAAAAAOAHgBAI&bg=!Z2SlZCvNAAZxrfrxUa07ADQBe5WfOHacJmCngiaWnLAXNwbrlovhyQqlG__71rIGT9eVAG1SePauCtUdRcwIvLnvCBzmAgAAAj9SAAAAA2gBB5kDEBmzyyj-GsqLZfILe3vCl6e3BQXbp_YiytZ4ScaBMchW68vJTAOjfMFlc-i_FpnwUiyoEcUWs-2yf13P1_BSp1ktlaUUkqcg4rG618OI-tj8cq65Bqsh4WQDcFxbTvtJj72XOold9BZ1PtDDHxiuenxcN5YKfUjOvn6hTYYn4nMYEO0JJntHTDKYlCV7B8xj-FTvKJXrnHvgP-7wlJEnVmufUQ4LzY74U4V19rl84P71lp-arPa8j4J3aIjTJIAUvf8_6cz70MdkFneOKwWCQT2B7sb8AbNVCYnxSjHTA6fSodvoYGRkSM5Us9NzRoOR9qWD5VMUSaZ-U-WVwKluV7II7RkeQyISMdpYxZmOSNEPoLi4H3V92VHfEwaM86ddWB_DO-yE9WsqXJsjUWuPJshUVBzhxgN04PWiufWNgp_ym44t2sNMPVfI5LIr1cOZJCiJcxA7i_OMHiE8F3kJ2rx2R5Byl9ySC6aZ_il8dN2Omz_FXl0Y6ae-hTq8jgqjIIE_gHTZrEhPAGzL3N3z_44rEbImu0KFZ6CZpBEfhx4NFeGCA8Hsnap11xYL-CSoG1OT0Y0jw_I5xisUzJmHHkPvEyceO1YD4g5rlt7891P7xPWkF-MbEuh_KWf80vPvXNPFx9K8CSiRMViVAEdfnOBdKOUAEHjRiCt1SdOICHyyoAKXqU-G8827UFmkV38yIu3iI61awwfyu3AHgGkYV2jPCoVcNW5DA6RgYDl2f21JZP6r419G70sCLC0HWeOXe3jrEOqhh1aAkAX2o20PdMqws-d62LVG86Y6NLLlcgyMsk3vw1VYgQ1L5tYcSMIPiyFrXPVZuIU-24eDy7gX-qaJTWA0tL_BHillqBUwkVieL_YBQobDdSpImq1Vd-hx_11LgBKwLmp6JD7HzhEg6BVEx7hf9EMQX-SPJs7v6ZndPiob8H9s3X9GbXUvGEk-mNY25faPDhSv_rZOcq34FjnWE44cy26yLcg46KAviPbKeqy714_JSEwXQMPLEpJqKqYJaQH_Al1yfN2TetlrVFg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame 2CE1 		64 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2668493502&adf=924602298&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=1&bdt=1194&idt=552&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=4334&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=556
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:29:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
522
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24357
x-xss-protection
0
server
cafe
etag
17020722232796629264
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 23:29:35 GMT
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame C168 		64 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=485734751&adf=3118553579&pi=t.ma~as.6979783657&w=300&lmt=1700174294&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294527&bpp=1&bdt=1191&idt=450&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1205&ady=1867&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=453
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:29:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
522
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24357
x-xss-protection
0
server
cafe
etag
17020722232796629264
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 23:29:35 GMT
js
www.googletagmanager.com/gtag/ Frame A985 		273 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a2a1f4c505ef43bce210d50eccf855747b1ed7a66f3dd5849ef7170c1f3a7657
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://adv.office-partner.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92852
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 16 Nov 2023 22:38:17 GMT
createjs_2019.11.15_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 070F 		236 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64275
x-xss-protection
0
last-modified
Fri, 15 Nov 2019 19:16:20 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 16 Nov 2023 22:38:17 GMT
728x90.js
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 070F 		9 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/728x90.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7a14d925b35bb3035cc21f39d7f34f8d83e5b1b2ad0bdc965d9d5e2ff7922fae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 12 Nov 2023 22:05:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
347541
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2264
x-xss-protection
0
last-modified
Thu, 28 Sep 2023 06:01:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 11 Nov 2024 22:05:56 GMT
_preloader.gif
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 070F 		673 B
700 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_preloader.gif
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da18849e09ca7517671f0244bad6aff6299f6c320ea5b37213e76963ffeddf0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 12 Nov 2023 22:05:56 GMT
x-content-type-options
nosniff
age
347541
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
673
x-xss-protection
0
last-modified
Thu, 28 Sep 2023 06:01:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 11 Nov 2024 22:05:56 GMT
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame B338 		64 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=600&slotname=6979783657&adk=2620223934&adf=1992271493&pi=t.ma~as.6979783657&w=300&lmt=1700174295&format=300x600&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294528&bpp=1&bdt=1193&idt=524&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=110&ady=3125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=527
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:29:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
522
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24357
x-xss-protection
0
server
cafe
etag
17020722232796629264
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 23:29:35 GMT
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame CC0B 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:01:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
16633
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 18:01:04 GMT
viewability
hal900019.redintelligence.net/ Frame 9BF2 		0
150 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900019.redintelligence.net/viewability?s=56038700178904204444994012510019&a=6e80f856&vb=m
Requested by
Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=56038700178904204444994012510019&a=c2348f97
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.238.90.46.78.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900019.redintelligence.net/request_content.php?s=56038700178904204444994012510019&a=c2348f97
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:17 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame B6D5 		14 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal90003.redintelligence.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 03:55:33 GMT
x-content-type-options
nosniff
age
326564
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14824
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Nov 2024 03:55:33 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame B6D5 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal90003.redintelligence.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 23:30:11 GMT
x-content-type-options
nosniff
age
256086
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14892
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Nov 2024 23:30:11 GMT
pvClk.min.js
analytics.webgains.io/ Frame D543 		53 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.webgains.io/pvClk.min.js
Requested by
Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=56038700178904204444994012510019&nw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.103.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-103-16.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
75b11328827bb635b369ee1f4c8e9dad82b7b609d5bfc736d8ce1994a6f4c03b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 05:55:55 GMT
content-encoding
gzip
via
1.1 1437ff2cfbc1ea8c7a36e6b0ce6e935a.cloudfront.net (CloudFront)
last-modified
Wed, 01 Nov 2023 16:51:16 GMT
server
AmazonS3
x-amz-cf-pop
ZRH50-C1
age
60143
x-amz-server-side-encryption
AES256
etag
W/"5d5bc5942e2e0a61b44429bb852bdc91"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
Tod9aLiJq4_OTcOOlgbljOqgX0v-AoSHP7j4xoW9O4rAeFjuLDwmsQ==
1x1_0.png
cdn.track.production.webgains.team/7121/ Frame D543 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1700174597&Signature=fxwDLAMOMYipkimR0bJhG~QzWK7PIBqtCu-bEOeGFgHmj9g98JFRPPh7ib5KYe~de82w7bE9kRE~uMaFDcfika8L-cbzAx9BpliT-uy1MPr-zcFgpNK2VRv5jc80V36O9VHXPc2Ejtzt0UK~UMSaQf8YlXVYaS0Msf-sxwggHA53WBEzAcHIXU10Evb~nNAhGZY8TMh80PC~u3hIzCLVLjyKcrhxUa4FD0KNTnKTVbA1K~k2rikUCi1Z57eIOh9oaH73of5LujVdL5a~PikYZD6PWy71t-r6CyjQkKlrYrPCmiPi~lcR-2rU6Xj7~F~q5jG~qAWy-TNErf~Qt~a2aA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-76.zrh55.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 07:14:29 GMT
x-amz-version-id
null
via
1.1 a1822b92cbf5d3516743d4786d5b6020.cloudfront.net (CloudFront)
last-modified
Fri, 06 May 2022 11:40:06 GMT
server
AmazonS3
x-amz-cf-pop
ZRH55-P1
age
55429
etag
"4e57de0506fbdb487ffcd53b450caee1"
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
2808
x-amz-cf-id
n_TUkvERVb-bZfua_xYWXoX9e9zjohp3gsFKyfxrnQZly-FsUJj2Yg==
6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 9BF2 		14 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal900019.redintelligence.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 03:55:33 GMT
x-content-type-options
nosniff
age
326564
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14824
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Nov 2024 03:55:33 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 9BF2 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://hal900019.redintelligence.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 23:30:11 GMT
x-content-type-options
nosniff
age
256086
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14892
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Nov 2024 23:30:11 GMT
csi
csi.gstatic.com/ Frame 2CE1 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lp1rvo2x&chm=1&ctx=2&gqid=15lWZcyfBtqy9u8PutyEoA0&qqid=COyhq-fKyYIDFSTeOwId1DABVw&met.4=fb.fu~lb.w1~ol.1v7~bdt.-1cn~bpp.-fg~idt.-5~dtd.-1~dt.-fh&met.3=374.187~113.22j_1~112.22i_1&met.1=1.lp1rvm0e~6.2~7.2~8.2~9.2~10.2~12.4~13.a4~14.a5~15.ba~16.104~17.104~18.105~19.1v5~20.1v6~21.1v7&met.7=CAUQCBgBKAIw7AI48xJoBHDrAniOXYAB4lqIAYHUAbABAbgBAw~CBwQBhgBIJkDKJkDMNMDODpomgNw0AN41gKAASqIASqwAQG4AQM~CBwQBhgBIJkDKJkDMNIDODhomgNw0QN4rAKwAQG4AQM~CBwQChgBIJkDKJkDMNADODdomwNwyAN4qfgBgAH99QGIAYXHBbABAbgBAw~CBwQChgBIJkDKJkDMKkDOBBomwNwpwN4iUWAAd1CiAHwoQGwAQG4AQM~CCoQChgBIJkDKJkDMOcFOM0CaLsEcMMFeJ-BBIAB8_4DiAGo1AywAQG4AQM~CB4QChgBIJkDKJkDMMsEOLIBaLsEcMoEeIAMgAHUCYgBgRWwAQG4AQM~CCgQBRgBILsEKLsEMNkEOB5ovARw2AR4gwSAAdcBiAHSA7ABAbgBAw~CBwQARgBIMgFKMgFMPkFODFoyQVw-AV4rAKwAQG4AQM~CBwQARgBIMoFKMoFMPoFODBoygVw-QV4rAKwAQG4AQM~CCgQChgBIMsFKMsFMI0GOEJozAVwgwZ4lcsCgAHpyAKIAcfbBrABAbgBAw~CBsQCiDBCDimAQ~CCkQChgBIMIIKMIIMOEIOB5owwhw0gh4qrkCgAH-tgKIAbH1BrABAbgBAw~CBwQChgBIMMIKMMIMNIIOA9owwhw0Qh4miOAAe4giAGAWLABAbgBAw~CAkQChgBIMYIKMYIMNkIOBNoxwhw2Ah4jl-AAeJciAH2-AGwAQG4AQM~CCcQChgBIMcIKMcIMNcIOBFoxwhw1gh4nW-AAfFsiAHpyQKwAQG4AQM~CBsQCiDMCziuAQ~CCcQBRgBIPELKPELMIEMOBBo8wtw_wt4oWiAAfVliAH-sAKwAQG4AQM~CB8QBRgBIPQLKPQLMIgMOBNo9gtwhAx4vrYBgAGStAGIAeP_CLABAbgBAw~CCIQBBgBIPULKPULMLsMOEZo9gtwugx4rAKwAQG4AQM~CBsQBiCtDDitBA~CBsQBiCvDDjfBQ~CBsQBiCCDTjYAw~CCIQBBgBIPoOKPoOMK0PODRo-g5wrQ94rAKwAQG4AQM~CCgQChgBILwTKLwTMMsTOA9ovRNwyRN40cABgAGlvgGIAf_-A7ABAbgBAw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame C168 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lp1rvo2y&chm=1&ctx=2&gqid=1plWZf7YPPe69u8Ppqa-gAE&qqid=CLnSpOfKyYIDFUPbOwIdi4oGsg&met.4=fb.r6~lb.137~ol.1y6~bdt.-19p~bpp.-cl~idt.-4~dtd.-1~dt.-cm&met.3=374.1gy~113.25h_1~112.25h_1&met.1=1.lp1rvlxh~6.0~7.0~8.0~9.0~10.0~12.1~13.jt~14.jt~15.ob~16.19s~17.19s~18.19s~19.1y4~20.1y5~21.1y6&met.7=CAUQCBgBMMoFON4TaAFwyQV4mV2AAe1aiAHZ0wGwAQG4AQM~CBwQBhgBIO8GKO8GMKMHODRo8QZwogd41gKAASqIASqwAQG4AQM~CBwQBhgBIO8GKO8GMKMHODRo8QZwogd4rAKwAQG4AQM~CBwQChgBIO8GKO8GMKgHODho8QZwpAd4qfgBgAH99QGIAYXHBbABAbgBAw~CBwQChgBIO8GKO8GMP8GOBBo8QZw_gZ4iUWAAd1CiAHwoQGwAQG4AQM~CB4QChgBIO8GKO8GMOEHOHFo0wdw4Ad4gAyAAdQJiAGBFbABAbgBAw~CCoQChgBIPAGKPAGMOcIOPcBaNMHcLQIeJ-BBIAB8_4DiAGo1AywAQG4AQM~CCgQBRgBINMHKNMHMO8HOBxo1Qdw7wd4rAKwAQG4AQM~CBwQARgBILMIKLMIMOQIODFoswhw4wh4rAKwAQG4AQM~CBwQARgBILQIKLQIMOQIODFotQhw5Ah4rAKwAQG4AQM~CCgQChgBILUIKLUIMPIIOD1otghw7wh4h8oCgAHbxwKIAcHaBrABAbgBAw~CBsQCiC6Cjgq~CCkQChgBILwKKLwKMNcKOBtovApw0Qp4qrkCgAH-tgKIAbH1BrABAbgBAw~CBwQChgBIL0KKL0KMNUKOBhovQpw0gp4miOAAe4giAGAWLABAbgBAw~CAkQChgBIMAKKMAKMNgKOBhowQpw1Ap4jl-AAeJciAH2-AGwAQG4AQM~CCcQChgBIMAKKMAKMNUKOBVowQpw0wp4nW-AAfFsiAHpyQKwAQG4AQM~CBsQCiC5DTiyAQ~CBsQBiD1DTiGBQ~CBsQBiD3DTiDBQ~CCcQBRgBIIoOKIoOMJkOOA9oiw5wmA54oWiAAfVliAH-sAKwAQG4AQM~CB8QBRgBII0OKI0OMJ8OOBJojg5wnA54vrYBgAGStAGIAeP_CLABAbgBAw~CCIQBBgBII4OKI4OMMoOODxojw5wyQ54rAKwAQG4AQM~CBsQBiDbDjigBA~CCIQBBgBIOQQKOQQMJoRODZo5BBwmRF4rAKwAQG4AQM~CCgQChgBIKYUKKYUMLgUOBJopxRwtBR40cABgAGlvgGIAf_-A7ABAbgBAw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame D397 		64 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:29:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
522
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24357
x-xss-protection
0
server
cafe
etag
17020722232796629264
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 23:29:35 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8ED5 		0
24 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BacZ015lWZZuAMpm99u8P1oqZ0A0AAAAAOAHgBAI&bg=!xMelx4jNAAZxrfrxUa07ADQBe5WfOGGu3tOiFnlHSt3KoU4QQtzAJko0C7BV94kOaJb6TbyVsxdH7hN5Okq73E73u54hAgAAAshSAAAAAmgBB5kC_X1DFLO0iedXoFh1_Ki0qNMTMkIt253AFHaLyQ3UWymJEzjxrpqB-_fm62CuNAzWptQhPql1voQ2WT86nFWO0lu091EBgeV2qF3fo7x6u-Gb5PZ3IgKvJyeEpA-ZkHaw5G81qK7JwdXuomDgE7d3bV0fAC76oH00wL5RAShAJsNiVafMweW5-lpwkjPg_V_ihCaEzFZp91LiN7OHb1SzU_JUL-pv9V6tZBh4FonaPvxNRlGxB1OzgifTUmkRtebSdvDJxpGkHJWk8bgDUeH5antBh1DHjNSnCtesDQ1Tnka5jeODMV6vwRYHImZYgTLrC-bJpO9RRDQBMJRrFzeMHvrJkCXZkwUZDPXpTPRtrEBhnz628W4aL6FKdbapmUxl5a0Ryz_SLj_4qyjfUw2jT7POzNeFIgT6GhLqnaH0Xof6nN05jzFX9odUKyksNBHam1X8MFMXVksHsZf6pnJ4BzSE58fHjF0BmZqDyu782X62r52eO-csmf3PxyiAl6e2NzeNH5eG9xW7QHF0S79DmU_8ANnHkNofNpRSc-IRKHsaDnG7hbM-LXeDK83G8JFeCx9QFiTKVoAsz8Ey0jbeGexpTKXuMG7d9nhqnKObNl05M6CbhK_gyBtZJ_mG9ihHDzT8oIkFwBbJUXbNJC7Xpwi93kaSBd-e2E9BXyiJPXK2rJ7ZK5-TOAz_M0evCgTf9ypbS_QokpRrVtK5gjmekWacGmyUMF-nWVASbka4CpeY3xTOBuU99Crz-lx-g7_cEwCkJtMuaInZ6FcHTEizntxHrjNfZSdIjzebC3umicsazmefvo1flQG0gX9DZi9AWJidaYnFfVYhywYIOb_wZq_85yzA7zABqO4VYPyp7wEz3_ZAgSWzIIYvlBipYrdUFdMXTFAryp4qEV4vosPMLmOyEyXDnX7q8Dv-cSPliN2p2iwrvrAtc9D-yeoelANyByCzEweX3x2WbbhBbsFMOy4nMYJMz2v_zSo_rP7GPUgIo_UrmnBoT9IoMgFNEw
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6139 		0
24 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BC7a-2JlWZZqcAZKWjuwPtJOn4AEAAAAAOAHgBAI&bg=!19Sl1JvNAAZxrfrxUa07ADQBe5WfOI_hyrOSGabaU0Xt18qnkTTDqA4diQRzjM8LHJABRcGcxza_9u2B9Bq4Qm2BHXH2AgAAAr9SAAAABGgBB5kDDQitVOQBgN3q2Bht-ZME7FJLQrdDPnuqN5E8OKzrStCRm1-K4naRrYtxCl9E4eApQsDru4tNbXF-TfE5KNbxYwb9CXAgcfTBV8ZqDr69cNKeIDaZHf69pBDknIBFPI_59X6iDSU9vMg61gLDjenplJD_LEYaYwbbyJhTzPq9JAapZQUI1-EagJ-9FZP-9a9_NQ3YteKiXakcgis_yMJ_WGWkm3zh4UCJ7TpF1NLgr_oSSoxhtWFEdv5VsjEaW8wRu6XFfzBdTD53Gd8rGnoOQu4kmcwcNI7lSTq1ifzy6xsL_zvmAa83ZK6oJyuPbLwW9XY_NQSa7ainFwd5cDe6xGnGE1qmBGbTO3EGs9LcU-0XS_A9pPwqdhu1hnlELJHRCUlvSr6sceMxkpyGdhjebVJ47HbvovKdNtgS3vmjo8XBGepvIxeo5apLeGQ1X6ifeRSF427qwShjdajmJo9QEKemInvR0t5piS5mAQOoOnw-3wH5-msOaswV5hTLrHOoqMC01mMOLTTDa1A7Ea4SqAH_fQ20sD3EFVClUjKZ-IYzmWjC6nOblLfz-TG5lUR_3TEYI6_FllIE1wXysmBbVqelkW-3RzfHKqE638adRLDJKT5gwmNqRScj4KiPyQMblKzUCeMmIbahEkDfm33OpYpQbZXfkb3b6WdOjnZVrSVTWoTj8SIH9WNhGi8oHtoZl3j1kepVhPIEAxuSeqjbNfEi3L9wtPB-iCuWJ4SGdj46rXqTFyqOCQbcqJ4YB5VDUJKK8ZKnRSCN0spQSor3x1v-kX8DqA-ywyMbWQkAl6VVhu8TZ0zl35Vo-ebUwHa5oV7SrIw1ttt_B4ABX5gwDHcoQluuKHSAHZyvcmut9ZbcwTM3XmF_ElUHSxFzKVcrJiccUaAXNI4ArNwUV8tmE4s2xAnzeQoClWZf24Hda3Jpm0g1bos5EWQB7oIKNIvKLvjLWRSS_TlN4VvRpIoncf6CrATzi8TpwXmymvSEW0iGQWoIzKTk63uuy50bz2_PrSfbLJVU5Wbt5Cvm7Zc
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame B338 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lp1rvo50&chm=1&ctx=2&gqid=15lWZdelBIqs9u8Pxteg4AM&qqid=CM64qefKyYIDFVneOwIdlEwHzw&met.4=fb.gd~lb.wb~ol.1y7~bdt.-1bt~bpp.-en~idt.-4~dtd.-1~dt.-eo&met.3=374.178~113.25g_1~112.25g_1&met.1=1.lp1rvlzk~6.1~7.1~8.1~9.1~10.1~12.2~13.av~14.ax~15.bv~16.zq~17.zq~18.zq~19.1y6~20.1y7~21.1y7&met.7=CAUQCBgBMIkDON8TaAJwhwN4lV2AAelaiAGG1AGwAQG4AQM~CBwQBhgBILIDKLIDMOMDODFoswNw4gN41gKAASqIASqwAQG4AQM~CBwQBhgBILIDKLIDMOMDODFoswNw4wN4rAKwAQG4AQM~CBwQChgBILIDKLIDMNkDOCZoswNw0AN4qfgBgAH99QGIAYXHBbABAbgBAw~CBwQChgBILIDKLIDMMIDOBBoswNwwQN4iUWAAd1CiAHwoQGwAQG4AQM~CB4QChgBILIDKLIDMNsEOKkBaM4EcNoEeIAMgAHUCYgBgRWwAQG4AQM~CCoQChgBILIDKLIDMIQGONICaM4EcN0FeJ-BBIAB8_4DiAGo1AywAQG4AQM~CCgQBRgBIM4EKM4EMPAEOCJo0ARw8AR4ngSAAfIBiAGABbABAbgBAw~CBwQARgBILsFKLsFMOwFODBovAVw6wV4rAKwAQG4AQM~CBwQARgBINEFKNEFMIYGODVo1gVwhgZ4rAKwAQG4AQM~CCgQChgBIOMFKOMFMKYGOEJo5QVwoAZ4mssCgAHuyAKIAYfcBrABAbgBAw~CBsQCiC6CDjHAQ~CCkQChgBILwIKLwIMPkIOD1QvAhY2QhgvQho2ghw6Ah4qrkCgAH-tgKIAbH1BrABAbgBAw~CBwQChgBIL0IKL0IMMwIOA9ovghwywh4miOAAe4giAGAWLABAbgBAw~CAkQChgBIMEIKMEIMNMIOBJowwhw0Qh4jl-AAeJciAH2-AGwAQG4AQM~CCcQChgBIMIIKMIIMNMIOBJowwhw0Qh4nW-AAfFsiAHpyQKwAQG4AQM~CCcQBRgBIO8KKO8KMP8KOBBo8Qpw_gp4oWiAAfVliAH-sAKwAQG4AQM~CB8QBRgBIPgKKPgKMIoLOBNo-Qpwhwt4vrYBgAGStAGIAeP_CLABAbgBAw~CCIQBBgBIPkKKPkKMPULOHxQiQtYrAtglQtorQtw9At4rAKwAQG4AQM~CBsQCiDHCziZAQ~CBsQBiDCDDi2BA~CBsQBiDEDDjoBQ~CBsQBiCaDTiTBQ~CCIQBBgBIN4OKN4OMJUPODdo3w5wkw94rAKwAQG4AQM~CBsQBiDXETi7AQ~CCgQChgBIMQUKMQUMNoUOBZoxRRw2BR40cABgAGlvgGIAf_-A7ABAbgBAw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 790F 		0
24 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BIfBc15lWZbOUMoe69u8PiMOm2AUAAAAAOAHgBAI&bg=!0tGl0Z7NAAZxrfrxUa07ADQBe5WfOE0RLqyZnx9Qdq_695Mi4nwOSoUntqFKdWZz0bEZ9KFq-PvVDFSwlY74kGjGOF14AgAAArBSAAAAA2gBBwoAVoCa2pqy2B0BXHgY93aaV_uN4UbRHaotWXabun-5ap44yZhKbbJWtVE7yrMeXz3yr7PfibdBqJIJhqXGsXjWniuqoOJpbUEblqat2sCP-KR33xhrydPNmQLctUrWJuwR65Ank8x9wiKMbg8pcLLzU3hjze6lMqqsSIIkvilb2D3LA0i_7hqyqyP9BgWxMDHX4ZDDNshwe4afN-22Pyw9OE-QeWJsnVezgNsTHf9aQDT5T3NoemjGKIGDWiuw81OJIwN75pi0jdXX2SFJqKpDqEcY_T4968Oc791UWuGoK-vk65obILRkxRjOp-KzrHMTkPxnp4aJ0Rmoq0VIWNXpXu_hh2q3oGOF2zloGjz-E0aFj25L2brz3bxXPH2xkCjI6ZR-BC2jZWTSkdIuzYgbJ641RqJXna9DnNAXjLxUgfDJTy8S0h5Jt2aMkxJTV-oIDq0DwjYyFahOCV0oBzPjgY-LXj7ZJImFjlh_7v45-CUSN08mRCzbgNtkbbLHOb3JPHyFkjLvQFntoL98UkarhN9AhcWuAhxh_umuv5kTo5c3XQ-VAsWJA-WD_yLAnKlr2KgvKbNBPfwtY4_h43609q-OP-lrruXcJ21fT4nyzWDXyfN27FD_xGtJ8P3Jw3ZN_zPjIv8yBdi4DO8VoJAi8b1sRAPzO_YCxSRukjbuAft_KuzQlqep0a70Rhk99BPpHqVWmsnkWzu1rFkSvfIYYGKLFQh9y8wTycazJMPqOpmngjbMFuTBiCDPNzbyYsfNFHafIyeiNZA5U6JEBtM0BJRxdzW-JvJd07kRFzOewJE2rNumF3dO4l_uHeSWdQCjR2KdtXfPnKZ_pYSiGMWW6S3zHS5rZ_ZA2ZLxZIEOWRgXs_OlyT3piX0cqaLj7PiNtMbGeEV1yUdNPCZybuImTcDzQ4m8MBiZoXllzho82OyY87Ybe-Jf450FWQs00uD0mjlLexbiKA2dSgSCRHuh4x4qpZh0O--xRH_6g3wfyZ7wxbsNUE3252S2vmwdDdQDaT0d5ZXtp0G6xH4vTQksPWamt0sxH0pshllyHiXqh2Qt_ZPD_qAiGYqIjU2BrOwHj4OZ7-7R
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
_728x90_bg1.jpg
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 070F 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_bg1.jpg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d921015568f0a3b71ce30f6efad2fe3cfcdeaa9c17a683946e13d0924748da94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 04:46:10 GMT
x-content-type-options
nosniff
age
237127
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15762
x-xss-protection
0
last-modified
Thu, 28 Sep 2023 06:01:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 13 Nov 2024 04:46:10 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 6ACA 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsskhEhR1t9Tm4wtIL6QByGepI0vmPyk6xs5kSZEcFh8BjM4iShqkOK0M2IGB0kcNIaRE6-8eHvaOdKMhgJ2fkL8540plHRpASexNKXSDGEhianRBBVddP_3454oCHo9nHaB7JT9cEyYkyTqcdDASgctWEmIUKxmW7YU0tGyHtXnUw&sai=AMfl-YQ4Wg7p0IW1Tn8Sz0hSxE1Kk6Knrew8pGKkO-_BuEdO5aSakCi8szlEMVrQa-YhvLZKd1NKY9GI2LLDaEaWCb4OeciFadXE97mvWw&sig=Cg0ArKJSzLyzNTWVlZkMEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=712&vt=11&dtpt=382&dett=3&cstd=329&cisv=r20231109.17114&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame 6ACA 		64 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:29:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
522
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24357
x-xss-protection
0
server
cafe
etag
17020722232796629264
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 23:29:35 GMT
_728x90_bg2.jpg
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 070F 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_bg2.jpg
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d288569d31c44c2b5bf3971e7c4acab9d27401efb7212afa97b10e3e3ccbffab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 20:46:01 GMT
x-content-type-options
nosniff
age
93136
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16447
x-xss-protection
0
last-modified
Thu, 28 Sep 2023 06:01:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 14 Nov 2024 20:46:01 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 741D 		0
24 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BoSRD2JlWZeLmBISS9u8Pmv-JiA4AAAAAOAHgBAI&bg=!-Pul-7TNAAZxrfrxUa07ADQBe5WfOI2Tgp38YrEjaOxYNRY2-RSGH3GbeVFEM-o2zA2V1KFejDIOBmxAVyQjLJG-lsR-AgAAAoNSAAAABGgBBwoAIYb9S3_9uSDKmImIqonk142TcXU2StxD3LHzXJUqNJtEHZkC2csWthHcR9ZCGogxPdFsCYEtVEUWI2TXRyWmNfHB6OazhXstwgeJgOOnN9J46lKP2yWxOnwzQSDCqx2PS3nWP6pR54lasxaDklkM6sKDHfBGI1Bp9812sDct9BHhwW3TIg6cFghqyw5sTra_sPX6yb-frzPHjgxAuVmckQ5OEU0kvNB9vlO8aOP3lGp9rN-4vYAWdB6mOX-Ne3Uast5o4J6MZIkx9taLLsTr6nZvn8amBPh7SDUuGihCPlZcRjrcq8pNfNAjIR44n1uGtMzFhauMWj_MwdaxFnilUs24wnAKHv9gHM3pzvLF4w3N6cZ1tMl31f9uxlbCJv0LKgx8VogcpicV-OPlf_dNQ0h40trBj1-v6EY7kc6d9lxbubxOHq04BCzQktRm6j9KutJ3hCRX50TTQ4avLcX1O6wAzcJORZairtWXLK5I-JjMfGKwHe2MUXWDBUVVzqJ_Z6JKo1zZl6UxtURhVcpbyr8rTIYOw6dd5MroMPtfLL1-rDzuCxeqgME3ku3WyXic2umh52LeQK7FcRv60U2zgVQOyn0FiGOHgHD_9FLIFONg2UkxZHrEOw4iwncJCIm8iYmFsU-ZCQ9RFZ73GxlYxQLa5_bGDNL8y8oNQGASoa0VC_SvPh9CtNUu4akXDVicsn9t5SMA50I5fCihSkyy_-ZqIguivU3JFV4I_ws9HA7gEpqOAKNG9tvI1eGDV03zFwpydvq7SqmRhVBr4rDDIFy1Z1HDi-MwLn4lSX9md7_lUEHZ0LyMQVn03jQ-vox5tYR8lIkrVHFnNc-9hH_WABcdPigwpk_t80k814LZtv-pQ7ouBLeYlma-4gCAUCdMbCU_Gv89UA4FmVq8AGorgf-otV3_P23kfYUcX49mNWlT_Ll7F9U3XFLzq9g8zn3eYiNESjDqITLnjmT-2C85orl9NB70aYnN2OIhSZFMbHyiXUKCUJwiPQldYo2coQ
Requested by
Host: wwwproxy.uscho.com
URL: https://wwwproxy.uscho.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		16 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e0ad4af37844408ede5805a1ee5dc2c5e936f5ce2a96431ddf51e9d0475a3f0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12281
x-xss-protection
0
csi
csi.gstatic.com/ Frame D397 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lp1rvo8m&chm=1&c=3975831450135493&ctx=2&qqid=CMyauefKyYIDFR7huwgdYP8GVA&met.4=fb.5f~lb.11h~ol.1ga~idt.a9~dt.-oe&met.3=374.sn~113.1ls_1~112.1lr_1&met.1=1.lp1rvmmv~6.3~7.9~8.9~9.9~10.9~11.9~12.a~13.p~14.p~15.27~16.180~17.180~18.180~19.1g9~20.1g9~21.1ga&met.7=CBsQCBgBKAQwGjjaDmgLcBl4iReAAd0UiAGSMLABAbgBAw~CCgQBRgBIMQBKMQBMOcBOCNoxQFw5gF4rAKwAQG4AQM~CBwQChgBIMQBKMQBMPABOCtoxQFw7QF4qfgBgAH99QGIAYXHBbABAbgBAw~CBwQBhgBIMYBKMYBMPgBODJoxwFw9wF41gKAASqIASqwAQG4AQM~CBwQBhgBIMYBKMYBMPgBODJoxwFw9wF4rAKwAQG4AQM~CB4QChgBIMYBKMYBMNwBOBVoyAFw1gF4gAyAAdQJiAGBFbABAbgBAw~CBwQChgBIMcBKMcBMNwBOBVoyAFw2wF4iUWAAd1CiAHwoQGwAQG4AQM~CCoQChgBIMcBKMcBMKECOFtoyAFw_AF4n4EEgAHz_gOIAajUDLABAbgBAw~CBsQBiDHATgh~CBwQARgBIIcDKIcDML8DODhohwNwvwN4rAKwAQG4AQM~CBwQARgBIIgDKIgDMMEDODloigNwwQN4rAKwAQG4AQM~CCgQChgBIJADKJADMMcDODdokANwxgN4o2-AAfdsiAGDogGwAQG4AQM~CCcQChgBIMYFKMYFMNUFOA9oxwVw1AV4nW-AAfFsiAHpyQKwAQG4AQM~CBsQBhgBIMYFKMYFMIYGOEBoxwVwhQZ4rAKwAQG4AQM~CBsQCiCOBjgo~CBsQCiDfBziAAQ~CCcQBRgBIOwHKOwHMPsHOBBo7Qdw-gd4oWiAAfVliAH-sAKwAQG4AQM~CBsQBSDgCTjPBA~CBsQBSDhCTjEAg~CBsQBSDhCTjRAg~CBsQBSDqCTjuBA~CCgQChgBIJwPKJwPMK0POBBonQ9wqg940cABgAGlvgGIAf_-A7ABAbgBAw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
prebid
id5-sync.com/api/config/ 		135 B
418 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533570.ip-162-19-138.eu
Software
/
Resource Hash
9122d35ca0b1532a344f0801f9004b862de73fe3ec70d6eb04a345cc02e8e2a3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:17 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
id
id.crwdcntrl.net/ 		43 B
320 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id.crwdcntrl.net/id?c=17248
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.65.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-65-19.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache
x-server
10.45.21.194
access-control-allow-credentials
true
content-length
43
expires
0
envelope
api.rlcdn.com/api/identity/ 		0
256 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=88
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
via
1.1 google
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://wwwproxy.uscho.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length
0
rid
match.adsrvr.org/track/ 		63 B
425 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=mp4hjl8&fmt=json
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
e4aa596e33871bdb3e7cbea283df24410b997228ff5ee3b4f19af8bdfad8f251

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Sat, 16 Dec 2023 22:38:18 GMT
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame D543 		64 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4191647241486880&output=html&h=280&slotname=6384904019&adk=44889110&adf=2185445919&pi=t.ma~as.6384904019&w=650&fwrn=4&fwrnh=100&lmt=1700174295&rafmt=1&format=650x280&url=https%3A%2F%2Fwwwproxy.uscho.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700174294529&bpp=2&bdt=1194&idt=569&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C300x250%2C300x250%2C300x600%2C300x600%2C300x600&nras=1&correlator=2280687409296&rume=1&frm=20&pv=1&ga_vid=2044206632.1700174295&ga_sid=1700174295&ga_hid=1637000408&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=3180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C44807764%2C44808149%2C44808285%2C44809057%2C44809072%2C31061691%2C31061693&oid=2&pvsid=3975831450135493&tmod=577653650&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=572
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:29:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
523
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24357
x-xss-protection
0
server
cafe
etag
17020722232796629264
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 16 Nov 2023 23:29:35 GMT
usync.html
eus.rubiconproject.com/ Frame E12C 		281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.202.12 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-202-12.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 16 Nov 2023 22:38:18 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
rubicon
ex.ingage.tech/v1/syncPage/ Frame 34B0 		951 B
644 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ex.ingage.tech/v1/syncPage/rubicon?userId=cb047f61-843e-4b73-95f4-cdfc29323fad&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:53d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d048d1ba1fb1f78e38c3e0cc432db86fb8138d98d4b61242b1b7951f62208b1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-ray
82733932c8d4697f-FRA
content-encoding
gzip
content-type
text/html
date
Thu, 16 Nov 2023 22:38:18 GMT
server
cloudflare
vary
Origin
/
sync.aralego.com/idSync/ Frame 705B 		35 B
413 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3DUCFUID
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.210.196.208 Lanham, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

connection
close
content-length
35
content-type
image/gif
date
Thu, 16 Nov 2023 22:38:18 GMT
async_usersync.html
acdn.adnxs.com/dmp/ Frame C266 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
50444
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 16 Nov 2023 22:38:18 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 16 Nov 2023 08:37:34 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
453, 360026
X-Served-By
cache-lga13626-LGA, cache-fra-eddf8230116-FRA
X-Timer
S1700174298.071369,VS0,VE0
beacon
ap.lijit.com/ Frame 6F2C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13406715
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Thu, 16 Nov 2023 22:38:18 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
X-Sovrn-Pod
ad_ap6ams1
pd
u.openx.net/w/1.0/ Frame 294F 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Thu, 16 Nov 2023 22:38:18 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
v1
match.sharethrough.com/universal/ Frame 8B09
Redirect Chain
  • https://ex.ingage.tech/v1/syncPage/sharethrough?userId=cb047f61-843e-4b73-95f4-cdfc29323fad&to=https%3A%2F%2Fmatch.sharethrough.com%2Funiversal%2Fv1%3Fsupply_id%3Djc3Tkmr6
  • https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.58.37.65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-58-37-65.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT

Redirect headers

access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-ray
82733932c8d8697f-FRA
content-length
0
date
Thu, 16 Nov 2023 22:38:18 GMT
location
https://match.sharethrough.com/universal/v1?supply_id=jc3Tkmr6
server
cloudflare
vary
Origin
cb047f61-843e-4b73-95f4-cdfc29323fad
ex.ingage.tech/v1/sync/loopme/ Frame 0D5D
Redirect Chain
  • https://csync.loopme.me/?pubid=11530&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Floopme%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D%7Bviewer_token%7D
  • https://ex.ingage.tech/v1/sync/loopme/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=88248b4b-b127-4075-8c3b-efbeb859fe1e
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ex.ingage.tech/v1/sync/loopme/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=88248b4b-b127-4075-8c3b-efbeb859fe1e
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:53d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cache-control
private, max-age=1296000
cf-cache-status
DYNAMIC
cf-ray
82733933694c697f-FRA
date
Thu, 16 Nov 2023 22:38:18 GMT
server
cloudflare
vary
Origin

Redirect headers

content-length
0
date
Thu, 16 Nov 2023 22:38:18 GMT
location
https://ex.ingage.tech/v1/sync/loopme/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=88248b4b-b127-4075-8c3b-efbeb859fe1e
server
_
pixel
ap.lijit.com/ Frame 5531 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fsovrn%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D%24UID
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Thu, 16 Nov 2023 22:38:18 GMT
X-Sovrn-Pod
ad_ap6ams1
cm
u.openx.net/w/1.0/ Frame 9A68 		43 B
120 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/cm?id=b355ce4f-581b-4a1c-8c84-81fe81e4bc39&r=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fopenx%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-length
56
content-type
text/html
date
Thu, 16 Nov 2023 22:38:18 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame CE94 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3DPM_UID
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.16.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-16-195.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=124918
content-encoding
gzip
content-length
5622
content-type
text/html
date
Thu, 16 Nov 2023 22:38:18 GMT
expires
Sat, 18 Nov 2023 09:20:16 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 73AB 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.149.180 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1041
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
827339330bc16acb-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 22:38:18 GMT
expires
Fri, 17 Nov 2023 02:38:18 GMT
last-modified
Mon, 25 Jul 2022 19:18:26 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
cb047f61-843e-4b73-95f4-cdfc29323fad
ex.ingage.tech/v1/sync/amx/ Frame 0D96
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Famx%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
  • https://ex.ingage.tech/v1/sync/amx/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=&gdpr=0
25 B
81 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ex.ingage.tech/v1/sync/amx/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=&gdpr=0
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:53d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c85f03ee7ffd8a409d628d4b368b63454b8f70fd43c2747f88f41df5dbc23f3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-ray
82733932f8f1697f-FRA
content-length
25
content-type
application/json; charset=utf-8
date
Thu, 16 Nov 2023 22:38:18 GMT
server
cloudflare
vary
Origin

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Thu, 16 Nov 2023 22:38:17 GMT
location
https://ex.ingage.tech/v1/sync/amx/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=&gdpr=0
server
envoy
x-envoy-upstream-service-time
0
/
ssc-cms.33across.com/ps/ Frame 11EA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=atx4xsU7Or6R0PaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP004 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
server
33XP004
x-33x-status
2000208
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame B4AE 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.16.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-16-195.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=124918
content-encoding
gzip
content-length
5622
content-type
text/html
date
Thu, 16 Nov 2023 22:38:18 GMT
expires
Sat, 18 Nov 2023 09:20:16 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
usermatch
ssum-sec.casalemedia.com/ Frame 5BBC 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7806495d7735fda9d0d9d2db6992711d64ecd8c9f9a7d8cb20527b44bd7c4aa

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82733932e89e195c-FRA
content-encoding
br
content-type
text/html
date
Thu, 16 Nov 2023 22:38:18 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RiPPe78fuE5RD%2BLUFIPXQSKrSH%2FmSe35AxzCd9UYXURKLmt%2FA2nXiQ3kR%2BWMNWv%2BLsOxm6kYkYHC047Woe7Zfc70%2FotbeRnUb5atQjqZ42WwGrtxKhUASTLxQQDDv4peK6TSgGXWeCPerg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
isyn
prebid.a-mo.net/ Frame 58E0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.67 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
date
Thu, 16 Nov 2023 22:38:17 GMT
server
envoy
vary
Accept-Encoding
x-envoy-upstream-service-time
0
_728x90_btn.png
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 070F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_btn.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
323e5af8a33b9e65da9de11179875c91d6f4db5cfc79e2e444d8a7d98b353400
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 13 Nov 2023 23:31:48 GMT
x-content-type-options
nosniff
age
255990
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1261
x-xss-protection
0
last-modified
Thu, 28 Sep 2023 06:01:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 12 Nov 2024 23:31:48 GMT
dt
dt.adsafeprotected.com/ Frame 2CE1 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=8e38dd9e-d96f-1a1d-b850-f65ba9af288d&tv=%7Bc:ub0J6K,time:1501,type:e,im:%7Bpci:%7Btdr:939%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:1502,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1497~0%5D,as:%5B105~0.0,1392~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:836,fm:tVOC5as+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a.990511-61634099%7C1a1%7C1b%7C1c.990511-61634099%7C1c1%7C1c2%7C1c3%7C1c4%7C1d*.990511-61634099%7C1d1%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1d*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:17,sis:390%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
server
nginx
x-server-name
dt04.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame C168 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=7a654903-c0c5-b0b2-1465-21a9dfb53cd7&tv=%7Bc:ub0J6L,time:1378,type:e,im:%7Bpci:%7Btdr:809%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:1378,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1372~0%5D,as:%5B1110~0.0,262~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:641,fm:tVOC5as+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a*.990511-61634099%7C1a1%7C1b%7C1c.990511-61634099%7C1c1%7C1c2%7C1c3%7C1c4%7C1d.990511-61634099%7C1d1%7C1d2%7C1d3%7C1d4%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1a*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:25,sis:326%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
server
nginx
x-server-name
dt05.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 2CE1 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=8e38dd9e-d96f-1a1d-b850-f65ba9af288d&tv=%7Bc:ub0J6N,pingTime:-10,time:1504,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjE1OSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1700174297305%7C%7C482796b88de8bea442a5935e94c6171a%7C%7C1b7de7e82db1163ab7a1342e5def95a8%7C%7Ced282235ab6bf81bd2e43af91c8d1416%7C%7Ce7b3cf40cd46c2d9755fd8532f9bfd00%7C%7C8e3fb72caccd3113b1b4ab7bfc68fe08%7C%7C6f3fd42ff1e332634150520477449d74%7C%7Cd6fff7f3a9477b7f28869586ae1dd585%7C%7C1663701684,sca:%7Bspg:8fda29e4-8b7b-9a3b-8529-f9099e249d77%7D%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
server
nginx
x-server-name
dt06.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
gen_204
pagead2.googlesyndication.com/pagead/ Frame 766E 		0
24 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Btw9D2JlWZY6iE8yNjuwP17Cr6AIAAAAAOAHgBAI&bg=!PT6lPnHNAAZxrfrxUa07ADQBe5WfONq6lzHjh1BRfVu1vc59r1vTtfXImjBzuA8S_9jRcMBPK2pxV10cpr6yUTdqKr-5AgAAAhNSAAAABGgBBwoASwTNE-jSxVlcKeRLj73bmU83ZGhu4OyXhlKGevFJUWiGptAtheUDek9kNijzJspLfYoTMEpUXgXELUDC33zfsmK7IYnCKZMdBHZ8fZkDAiFZ7gDiIvgghBR-HSH7-G-n-bjQXlRK410ZSgVlmpHnhFl29sEtY3HsZLJc_KhTFlko_17YkTrm34727oYAbxmwvBTvi5XSzi8pWVE2dDHrowCkEhHL97Gj79Tg-S7q0ovmxZDlfqmptspU2KXmycKdFi_XweEMuTobVUuWi1jfKcU9b-e3R6w7rgb9ObtPj3hjLcxrFvyGsBLdbLGH478knjx6m0YBIVHVZR0qtMikcbdZjygdIkfZgAVjtcFgbNPfY0j0kCvrNFg0mIYa-p99R-CoV-Ag7KSrXg71U_2BOnynL7ix3soAQ4zFOOX2xGz-x6MDFl1ufJ-5f4yCj3EJuaZ-wfFuM-3zycJjFV0Exx3-VPzYB7uYUjIYLA8Gxk5jtWPE3j8QcE4esQyAx0TAH25emTHXYSneqD0ZBUDRdbkYwJxSjOHpjODT4le0gKGDmS-w3S3ycJJLU8F5LZr4l1bM7J9XZsY8qxjilzr7HrvXNUqqU67R_rWIFcsuak96q3dnlyYWcWkofxFkZ81ppPa2e57EJW8wSjXriX77jCupUEFcK10qPcCxxgQVQRVhbg0fggaiTQ7e2mMUUCzXwxlsAEP8_hrgWq7Y_gm5-JbRLoBCFYZqrTytWYRwVwuC0CN4L5_7Xj9htrOI9mpIc-Jb6kO_HU0JZuL8ncPzWedjrsbYektK4bwPxuwBbggno3Yf1JlZ7ceRUImwpPLizGYa2OWJO1JOLXuAF1AiuyDt6c38o0Lyd5MwUgYr60XIb1AihoJ0c4cXQBzfDGHDYziDWfNjvw5GF0Tf7qLww7wTX1ocxbZSBhBOPY4t2COi3WVsOJBKXkmBcS-zxYDV8j-ZLEncS3itLCrKFvBIGsDl6Pon8Rr-UcFHgGNMa4ye4ErNP202CybhXkgXVIt_MjEAJPjQSTT9UBQ6dK5hsGkCWAC6l_WabqauqB021Pc4B1AogqyLKwKxDwMQOtIVArWo2lYWtdt3mQLGhSDagRo78W5lEnX05JZpygA5Rtyp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4191647241486880&plah=wwwproxy.uscho.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 16 Nov 2023 22:38:18 GMT
dt
dt.adsafeprotected.com/ Frame B338 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=8fda29e4-8b7b-9a3b-8529-f9099e249d77&tv=%7Bc:ub0J7b,time:1589,type:e,im:%7Bpci:%7Btdr:1095%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:1590,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:41,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:sp,cc:0.0.300.600,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1581~0%5D,as:%5B1581~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:277,fm:tVOC5as+11%7C12%7C13%7C14%7C151%7C161%7C162%7C17%7C18%7C191%7C1921%7C1a.990511-61634099%7C1a1%7C1b%7C1c*.990511-61634099%7C1c1%7C1c2%7C1c3%7C1d.990511-61634099%7C1d1%7C1e11%7C1e12%7C1f1%7C1f2%7C1g%7C1h1%7C1i11,idMap:1c*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:43,sis:432%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
server
nginx
x-server-name
dt14.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
v1
lb.eu-1-id5-sync.com/lb/ 		33 B
278 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
b789904f1040c2ffaa49c39466ca30151485a1755e8af916d5c08fff599a4d61
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:17 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
_728x90_logo.png
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 070F 		693 B
727 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_logo.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0be0aca44bad073453d3f107123dc563fa9f6d92889d2ef3b2b2d27a6a643457
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 21:16:38 GMT
x-content-type-options
nosniff
age
177700
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
693
x-xss-protection
0
last-modified
Thu, 28 Sep 2023 06:01:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 13 Nov 2024 21:16:38 GMT
csi
csi.gstatic.com/ Frame 6ACA 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lp1rvobh&chm=1&ctx=2&gqid=1plWZbXOMJCd9u8PkJufiA0&qqid=CLDPmOfKyYIDFVGqmgodBWwOgQ&met.4=fb.5~lb.qm~ol.1a8~bdt.-29e~bpp.-1cc~idt.-16a~dtd.-15c~dt.-1ch&met.3=374.kj~374.xf~113.1ed_1~113.1ee~112.1ed_2&met.1=1.lp1rvmx5~14.0~15.0~16.0~17.0~18.0~19.0~20.0~21.0~22.ds~23.ds~1.lp1rvmqc~6.0~7.0~8.0~9.0~10.0~12.2~13.f~14.f~15.4j~16.83~17.83~18.83~19.1h0~20.1h0~21.1h0&met.7=CCgQCBgBMAE4AQ~CCgQBRgBIAYoBjAqOCVoDHAqeKwCsAEBuAED~CBwQChgBIAYoBjAvOCloCnAreKn4AYAB_fUBiAGFxwWwAQG4AQM~CCUQChgBIAYoBjAbOBQ~CBsQCiAGOE0~CB4QChgBIAYoBjAZOBNoCnAXeIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBIAYoBjAaOBNoCnAYeIlFgAHdQogB8KEBsAEBuAED~CCoQChgBIAcoBzB-OHhoC3BXeJ-BBIAB8_4DiAGo1AywAQG4AQM~CBwQBhgBIAcoBzA7ODRoC3A6eNYCgAEqiAEqsAEBuAED~CBwQBhgBIAcoBzA7ODRoC3A7eKwCsAEBuAED~CBwQARgBIKcBKKcBMNgBODBoqAFw1wF4rAKwAQG4AQM~CBwQARgBIKgBKKgBMNgBODBoqQFw2AF4rAKwAQG4AQM~CCgQChgBIKsBKKsBMPoBOFBorQFw-gF472-AAcNtiAH0ogGwAQG4AQM~CCcQChgBIN4DKN4DMOwDOA9o3gNw6wN4nW-AAfFsiAHpyQKwAQG4AQM~CBsQBhgBIN4DKN4DMJ0EOD9o3gNwnAR4rAKwAQG4AQM~CCYQChgBIOADKOADMO8DOA8~CCcQBRgBILgFKLgFMNAFOBhowQVwzwV4oWiAAfVliAH-sAKwAQG4AQM~CBsQChgBIN0FKN0FMK4GOFFo3gVwngZ4poUCgAH6ggKIAfv1BLABAbgBAw~CCkQChgBILMHKLMHMMQHOBFoswdwwQd4qrkCgAH-tgKIAbH1BrABAbgBAw~CBwQChgBILQHKLQHMMIHOA5otAdwwgd4miOAAe4giAGAWLABAbgBAw~CBsQBCC9Bzh1~CCcQBRgBILIIKLIIMMIIOBBotAhwwQh4oWiAAfVliAH-sAKwAQG4AQM~CB8QBRgBIIEKKIEKMJIKOBFoggpwkQp41RKAAakQiAGELLABAbgBAw~CCIQBBgBIIEKKIEKMLkKODhoggpwtgp4rAKwAQG4AQM~CCIQBBgBIP4MKP4MMLUNODdogQ1wtA14rAKwAQG4AQM~CCgQChgBIJ8NKJ8NMK4NOA9ooA1wrA140cABgAGlvgGIAf_-A7ABAbgBAw~CCgQCBgBMBA49Q5oAnAPeMIigAGWIIgB8UagAYv-_________wGwAQG4AQM
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame E12C 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.202.12 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-202-12.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
16f6a89c89e20586fdb7ed77f218f6af5442e80c8c3116deb2ab0cdd5aae2001

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:18 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Nov 2023 12:56:28 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=51437
Connection
keep-alive
Content-Length
13230
Expires
Fri, 17 Nov 2023 12:55:35 GMT
dcm
s.amazon-adsystem.com/ Frame 5BBC
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB&gpp=&gpp_sid=
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB&gpp=&gpp_sid=&dcc=t
43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB&gpp=&gpp_sid=&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Protocol
HTTP/1.1
Server
52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 22:38:18 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
CMA1ZAND3DJJX4EJF5GA
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 22:38:18 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
SVH67CSMB7SE3A7A2J6Y
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB&gpp=&gpp_sid=&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
28292
i6.liadm.com/s/ Frame 5BBC
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVaZ1wuGuA8t6El6il2hVgAA%263397&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVaZ1wuGuA8t6El6il2hVgAA%263397&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=301c69a9efb449929e021eaf737190d5
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg
43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:f0c6:ec14:4b0d:2411 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:19 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
0
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg
Date
Thu, 16 Nov 2023 22:38:18 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
2
casale
match.adsrvr.org/track/cmf/ Frame 5BBC 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
server
Kestrel
content-length
70
content-type
image/gif
usermatchredir
ssum-sec.casalemedia.com/ Frame 5BBC
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESELJ0jqya_4NPm2V2c8682WU&google_cver=1
43 B
731 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESELJ0jqya_4NPm2V2c8682WU&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RfXl1PKincOV%2B6e%2Bv0XmMvb15FKZgmmNUPm9dubBKqhgF3V0EaIzUjtr4IuTnlflr8po0N7Hf7%2B3TESOV11rGAbtH36sv75ibV6Y%2BDwylmeeVM8kEd1gzssFHPZNw2Pr5mBldpuyixo1YQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82733933aaa2bb55-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESELJ0jqya_4NPm2V2c8682WU&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tp_out
d.adroll.com/cm/index/ Frame 5BBC 		42 B
181 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d.adroll.com/cm/index/tp_out?advertisable=3GMDZMBFQREVBC75SYYKWH
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:cc3:fe04:ef70:7dcd:5ce0:30c1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
cache-control
no-transform,public,max-age=300,s-maxage=900
server
nginx/1.22.1
content-length
42
vary
Cookie
content-type
image/gif
sync
x.bidswitch.net/ Frame 5BBC 		43 B
146 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=index
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.197.187.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-187-29.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
crum
dsum-sec.casalemedia.com/ Frame 5BBC
Redirect Chain
  • https://trace.mediago.io/ju/cs/indexexchange
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1b7de7e8132f42412b61xm00lp1rvom8
43 B
728 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1b7de7e8132f42412b61xm00lp1rvom8
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=41lqxXpmYyyJ9CgzyS1W0N4emRy5E826AjA5Es7nBoE4LnKwobIaPGZyk4XwGWcSDEaGRVH91j06BpmwGH95nXhNnfh3A3ndPziWnitNLFeHYkYsmNJZXJ8ufooCwmhIgwDNQ4OvmUIenw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
827339362c49bb55-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Thu, 16 Nov 2023 22:38:18 GMT
via
1.1 google
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1b7de7e8132f42412b61xm00lp1rvom8
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
crum
dsum-sec.casalemedia.com/ Frame 5BBC
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=GR4C4Mgi1R3L065
43 B
736 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=GR4C4Mgi1R3L065
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EV%2FSUZvN%2FCW1hwnBfI6pCn%2Blf4oCNdqo%2Fi0mww%2BRJcEGFdLYhb68l8BoTgWgm4doZJ3dn0jpGYj4Xb7tHQmIVN4RtibgrkejGsNRhFpiSpS4wefXzVNyFZvjhZqwb6xd%2FeJsStnZYFtiMg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82733933cac9bb55-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 22:38:18 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-029f22d856dc4e10e@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=GR4C4Mgi1R3L065
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
cb047f61-843e-4b73-95f4-cdfc29323fad
ex.ingage.tech/v1/sync/ix/ Frame 5BBC 		0
54 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ex.ingage.tech/v1/sync/ix/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcb047f61-843e-4b73-95f4-cdfc29323fad%3Fuid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:53d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
cache-control
private, max-age=604800
access-control-allow-credentials
true
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
827339336948697f-FRA
vary
Origin
gen_204
pagead2.googlesyndication.com/pagead/ Frame D51A 		0
24 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BdBlw2JlWZYD6G5Pc7_UP64OM0AIAAAAAOAHgBAI&bg=!Tk2lTQLNAAZxrfrxUa07ADQBe5WfOCzvfIxx5t7ucHqvRg0ppqXTCCxzTSI6b58MsmSyvkXOAm--w18QyPaeGnZTUmVLAgAAAddSAAAAA2gBBwoAKT2kWmdVhW_zfGoUdwd7uOg1nzRqRg3Xbcug1QCM_dXpcODD_RhphuyumQMTU8V3iSixl-Za8YNBzGz_jbIG5CRBRtj2FhTEcmlKEEWd096xL2ZAEWNxXewmYkUa_17v2vwLm5xKDtOTwiuBc3_PRKTJLfnHJcryfyMcQIp4OBQw1_kvmpSWRzwNvC4mhO82oxKp0EbuKl7PAcys6q3_cCwigeAzxVDEQytiOU5A8_mSD626EgVqhN7eBb6Hg6lY_7lisrX4JYDeFX5M-_Qo0YVOBG4EXLJnpqYMlnV2Hi_3AtYpJbAW-tVAeCrUzo36xruTxuVGQRQ_DjB5FYMP0-aLXzgk_geqtDYFtUvgB4O3EIUwA_GwD0y6j5OG3mAooEzI2YnTecdawAE5hKesZgosSKW4lfQk60Aei1dR5K_sxEdvy7RB0-zgOXWs7xY-Sbq_Ee7DYQDBZWU_Lx05b6Cxk8DWtmLHj-uU8RSXOywhM50PVVgklGlvqjrFxn3hVB7el4yDzM9UcMVWbL6uSQyv_99dLfFwD01vf_c-4ma0gR85fFI-bjEzaQidw3YI-5q9y_bZF0fGCvMJwFYhGJzK1NrbDek7H2Y64RaBzwGKGA13mDPG5ltyk7va_bUpi9YxcS_sUWYxIBAStkNOMOR_3s54w25B8FZ5BJLhu-XOw6JKToZttY_AiybzzrD7Q1tuwd0_MIWCVs1keLnb-M8oF5TygPggGXKdtSEjqnNKU4XPVa84G1wYmqzLnr9O-4geGU3hxy7EVANl_Lo_KWYPo6G4cMoSCRttmU7d_HuAWRDhQW3B5tvyt_NqRR6FXbI5lUKW7Xg9YAvrtBdtNWOudQSSd0x75k9NwZ8Prwr7dp7D-nx41gbzAfDhU3PbDYyoO3y6QXCcAWwCUlOAs7Vku0qH6vCnn4be6MU7oMVql70K1xFeiSkfizyi-FLDJidsLeUfpGvt8SIY__gJF8CXohnn-5ErRWlodAzfFj_Wxept3rNA0UN49_n1BUH6J5-WD2VjddCb6Wc68PIcs0Cfvv6VLSYN-gOV8ApnRXH8FVVm-e3in-agcRnHLNFCNHfTBLrHSSLXn2kMsUG28g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame C266 		0
598 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
an-x-request-uuid
f3ae044e-4194-4103-a539-b9394549c988
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
cache-control
no-store, no-cache, private
x-proxy-origin
178.162.209.140; 178.162.209.140; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
_728x90_t1.png
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 070F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_t1.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1ff39cab0ad3ca8bc174726bcf9c7ef2e1de32ce43d0f786dcc94062a747e3c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 21:16:38 GMT
x-content-type-options
nosniff
age
177700
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1082
x-xss-protection
0
last-modified
Thu, 28 Sep 2023 06:01:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 13 Nov 2024 21:16:38 GMT
usermatch
ssum-sec.casalemedia.com/ Frame AC31 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
baff14b391855fc2950612033035a23c5da5d92b90821e785216041a5912e96b

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
827339336a78bb55-FRA
content-encoding
br
content-type
text/html
date
Thu, 16 Nov 2023 22:38:18 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zzvDY7o3ljhrNMoHgjXdPYWXSa%2BfmImJncmFhlAgL5o%2BjcOvRu6Ku3XySgLtuKnM%2FVQMPBd%2Bgf6SUuTszYEe66HP91lRecnlrl00JysOt5nWBD%2BIDPyr8AlC72BVZhbvcAVFLtEZoNQnnw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
csi
csi.gstatic.com/ Frame D543 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lp1rvocc&chm=1&ctx=2&gqid=15lWZdOKB7Os9u8PuIunyAw&qqid=CLOOrOfKyYIDFVGqmgodBWwOgQ&met.4=fb.7~lb.1al~ol.1qi~bdt.-1uu~bpp.-xm~idt.-hv~dtd.-hs~dt.-xo&met.3=374.ox~113.1ts_1~113.1tt~112.1tr_2&met.1=1.lp1rvmil~14.0~15.0~16.0~17.0~18.0~19.0~20.0~21.0~1.lp1rvm0u~6.0~7.0~8.0~9.0~10.0~12.1~13.b9~14.ba~15.fm~16.m9~17.m9~18.m9~19.288~20.288~21.288&met.7=CAUQCBgBMAE4AQ~CCgQBRgBIAgoCDArOCJoC3AqePYDgAHKAYgBjgOwAQG4AQM~CBwQChgBIAkoCTA5ODFoCXA3eLb4AYABivYBiAGSxwWwAQG4AQM~CB4QChgBIAkoCTAaOBFoC3AZeIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBIAkoCTAbOBFoDHAaeIlFgAHdQogB8KEBsAEBuAED~CCoQChgBIAkoCTByOGhoDHBLeJ-BBIAB8_4DiAGo1AywAQG4AQM~CBwQBhgBIAooCjA8ODNoDHA7eNYCgAEqiAEqsAEBuAED~CBwQBhgBIAooCjA9ODNoDHA8eKwCsAEBuAED~CBwQARgBIPYBKPYBMKcCODFo9wFwpgJ4rAKwAQG4AQM~CBwQARgBIPoBKPoBMKoCODBo-gFwqQJ4rAKwAQG4AQM~CCgQChgBIIICKIICMM8COE1ogwJwzgJ4426AAbdsiAH9oAGwAQG4AQM~CCcQChgBIJkEKJkEMKkEOBBomgRwpwR4nW-AAfFsiAHpyQKwAQG4AQM~CBsQBhgBIJkEKJkEMOAEOEdomwRw4AR4rAKwAQG4AQM~CBsQCiCaBDhE~CCcQBRgBIO0FKO0FMIEGOBNo7wVw_QV4oWiAAfVliAH-sAKwAQG4AQM~CBsQCiDVBjigAg~CBsQBSDFCTi3Aw~CBsQBSDGCTibBw~CBsQCiDHCTjkAQ~CBsQBiDHCTiQAQ~CBsQBiDHCTh0~CBsQCiCLDTilAQ~CBsQBSCLDTioBA~CBsQCiDrDzhb~CBsQBiDsDzhP~CCgQChgBIPIRKPIRMIMSOBFo8xFwgRJ40cABgAGlvgGIAf_-A7ABAbgBAw~CAUQCBgBMJYDOMgWaAFwlQN4h2uAAdtoiAGplwKgAYH7_________wGwAQG4AQM
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame B4AE 		0
42 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=34756363&p=95054&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:17 GMT
content-length
0
khaos.json
token.rubiconproject.com/ Frame E12C 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
c1913d0f161dfd12bb229b87994a2d1d
Expires
0
369.json
id5-sync.com/g/v2/ 		251 B
535 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/369.json
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533570.ip-162-19-138.eu
Software
/
Resource Hash
d603428d6465c58f7bdc43fe19c9693fff09fa3b5ac5a7734d5dd049aeb3de28
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:17 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
_728x90_t2.png
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 070F 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/_728x90_t2.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
13ea63c90cacf953e3eba54a5083eeae0a4ee8e1b67fedbd594e7f3128eaaa1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 12 Nov 2023 22:05:57 GMT
x-content-type-options
nosniff
age
347541
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1055
x-xss-protection
0
last-modified
Thu, 28 Sep 2023 06:01:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 11 Nov 2024 22:05:57 GMT
28292
i6.liadm.com/s/ Frame AC31
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZVaZ1wuGuA8t6El6il2hVgAA%263397&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZVaZ1wuGuA8t6El6il2hVgAA%263397&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=c36aaa89212e48f4a2bcd30a37aec7f8
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg
43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:f0c6:ec14:4b0d:2411 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:19 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
0
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-1nWSivgNgpmycfDrRiQATHqfWf09Ir5hMA-gyg
Date
Thu, 16 Nov 2023 22:38:18 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
2
ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame AC31 		43 B
605 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:bc0f:4713:12cd:b626 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
crum
dsum-sec.casalemedia.com/ Frame AC31
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8414711145187518219
43 B
731 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8414711145187518219
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=de1aCehbHJPhPhEQajb5NWdkTxyBdcmNXmnKJgbjDrpbuJl27vCfCqdxagwHdLoy43KfkoG5bSF%2F3Iph%2FlUrhY8m6psmNETsb2qcqmOP6fHR4ebJhBuX8FsCT9%2FNzHpliRVdFdwWeUFFBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82733933dad5bb55-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
an-x-request-uuid
26f84321-241f-4301-8180-44a19eaa7272
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8414711145187518219
x-proxy-origin
178.162.209.140; 178.162.209.140; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
user-registering
ads.stickyadstv.com/ Frame AC31 		43 B
652 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.stickyadstv.com/user-registering?dataProviderId=1025&userId=ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2607:ae80:192:1::173 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 22:38:18 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
x-sticky-vk
1700174298190080-422
crum
dsum-sec.casalemedia.com/ Frame AC31
Redirect Chain
  • https://trace.mediago.io/ju/cs/indexexchange
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1b7de7e8c1bfc6592bbow200lp1rvom9
43 B
732 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1b7de7e8c1bfc6592bbow200lp1rvom9
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hdF79J2J2HpTNhcWnGFBJDt3m%2BXT0b0iR4R6tGYUpoK1IoE8KMXqLXY4kM1mxrvhMCbLjvYgRRlEaZ2RmLLXetTvcJcwyISy%2ByMc8MPncKmdCZ9KWquMGfkPCN2FSMrmG2e%2F1jMsSDTT3A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
827339362c4bbb55-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Thu, 16 Nov 2023 22:38:18 GMT
via
1.1 google
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=1b7de7e8c1bfc6592bbow200lp1rvom9
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
CookieIndex
rtb.adentifi.com/ Frame AC31 		0
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieIndex
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.103.95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-103-95.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
crum
dsum-sec.casalemedia.com/ Frame AC31
Redirect Chain
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
43 B
731 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f5CINIXgxVNseA20xSuyasoxlmEuy7djMWeJIKrwBd5VOlih18%2FHhrv72mw7gQ0LsDvujj7OO3YsUc4xCU%2Bgp7YJBzb1%2BIVQvTptaH14n94c7jXMvclzKJ0An35SPdvSpiSfgAxgyw3WOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82733936aca1bb55-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
Pragma
no-cache
Date
Thu, 16 Nov 2023 22:38:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
rum
dsum-sec.casalemedia.com/ Frame AC31
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=68
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=qyPVnmOPXyNfoHzh_CaV57Ki0Yw
43 B
730 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=qyPVnmOPXyNfoHzh_CaV57Ki0Yw
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pyFJ2mvv6x7USlPebvmncdyYYtel2kaXLBFNFiSjrLsoImXPinURgiC5KS6mZ4yqd2Zo5F520L5xUni9dTH9oz%2BLCB7Kz6aFzwn75cxBzwhTvZCX6CprffYHapW6f32rkXp%2FOeF1KWW7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
827339367c83bb55-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=qyPVnmOPXyNfoHzh_CaV57Ki0Yw
Date
Thu, 16 Nov 2023 22:38:18 GMT
Connection
keep-alive
Content-Length
122
Content-Type
text/html; charset=utf-8
htw-pixel.gif
cdn.indexww.com/ht/ Frame AC31 		43 B
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.indexww.com/ht/htw-pixel.gif?ZVaZ1wuGuA8t6El6il2hVgAA%263397
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.149.180 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
cf-cache-status
HIT
last-modified
Tue, 24 Jan 2017 19:36:04 GMT
server
cloudflare
age
75155
etag
"902a3d-2b-546dc3a097100"
vary
Accept-Encoding
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control
cache-maxage=1h
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82733933dc7c6acb-FRA
content-length
43
expires
Fri, 17 Nov 2023 22:38:18 GMT
usync.html
eus.rubiconproject.com/ Frame 34B0
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator
  • https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Requested by
Host: ex.ingage.tech
URL: https://ex.ingage.tech/v1/syncPage/rubicon?userId=cb047f61-843e-4b73-95f4-cdfc29323fad&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.202.12 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-202-12.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ex.ingage.tech/v1/syncPage/rubicon?userId=cb047f61-843e-4b73-95f4-cdfc29323fad&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 16 Nov 2023 22:38:18 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Thu, 16 Nov 2023 22:38:18 GMT
location
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
server
AkamaiGHost
splash.png
s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/ Frame 070F 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/splash.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fdcadbf224bfe461644696c1eeaceb184b9906bfbe08a47a388680939df0e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/37525695813651387/Programmatic%20Banners%20DE_AT_728x90/Programmatic%20Banners%20DE_AT_728x90/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 12 Nov 2023 22:05:57 GMT
x-content-type-options
nosniff
age
347541
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5155
x-xss-protection
0
last-modified
Thu, 28 Sep 2023 06:01:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 11 Nov 2024 22:05:57 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FF15 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
16635
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 18:01:03 GMT
expires
Fri, 15 Nov 2024 18:01:03 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame BB56 		829 B
560 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f6ae1c6b848303e5e839e14330b76fd5162968a269fa900a8909992eb58af9f9
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-JC-rfdJO4Ok9T8j38YxnKQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-JC-rfdJO4Ok9T8j38YxnKQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:18 GMT
expires
Thu, 16 Nov 2023 22:38:18 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
gen_204
pagead2.googlesyndication.com/pagead/ Frame CC0B 		0
24 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BtzuP2ZlWZZuTAbjC1PIP6v2xsAcAAAAAOAHgBAI&bg=!HR6lHlHNAAZxrfrxUa07ADQBe5WfOHPUbsxF4K8VnpdHjr7z4ddCB1X1ciiRw2uSo6Qj4Tz7wNmRo1BrTgEPd_RjYKPKAgAAASFSAAAAAmgBBwoAXCCqTl8pgZtoRvqbAyZ5-CimjtFdbg1TbqwvqMcb3VWcJ2pTuIRZY7w_RqgxASM520_T9BdFsmNHbPv5yz6TAkCMP2Wfsu6Ez4GrrONmfCR8m4SejP3dTGw7fim8mQMeJXxZbCkXw_2shToMapwfYD8PuPX5qoE1th4vVeJdUcUuzRk9oDWhyMHpMS_HR8-3d2mgRGl7-xGphIB0rc-daYkcVt1BTPxyHDp2AzveMtGHsI-ZPRll35W5SiBjAB7VAm73PNq-GoiiT0IOVmp4y221Fm8MMpTdVfAYMSl0c3CJxmEPfAqGa3_Wmr2SLOjYvjHTcUcTRFiCfvMA8QoXmMKSQ8g48P33u8ComaBdyyiwr48WPNDLvA6oN0Br2XmNCJxLmOJwqJpgK245COZv2CDi6wpLLEjCbZ-9dpZdLupTOAf4fahe5bxe6EOVRySicR7xBjRrryHslssNHg4yPWIAfFEEsObXCGMdtq9gvA5PyPYKCBI6LwKlKKLZk_Afzf-pbQYHTbo6S6MQ3JHZC4lJ6q4H3xNqQMWgTsbt6r4r7dC_eZ0AK_n1TuZn5-80kqX8cN7waEoiJ1Q6QlmJ544auLMBmdMPt74kNvB-poD5gvuZIfPxBMffjbL60pboxGz-n3zXvoEMgM5femQTF94UtqXOtzeP_wJMRS6Gv1NxRPgiWS-qT1YgP-vMT8p8wu7wkiCax3p1Skns7LV5ddL7_x3pTZ8Z6j2TiMjEgwgkS15IDm3fEpXWRb-oPb5lalNRKq2ClGhoYio-PGx-9kjbZjNTMMwXI0Ji1Bbo8cBd7IInVthAtm-DS1ErLcJFhkgyYQQr8eBcTEDtUpT-Tq14rQ31r--ffXEqbdQLN8qpmChDRZ8fBkpxRe2PaCYbAYTtD2TFjbp0VwQStPBItOe-Z2vNv2pb28fOQGHQeBDSec0x8JtoTAW2OXJf0QjcJwW17ekyppkobi1R2M8NiVeqgBDTsRabJO9rsuip4r1DuW4XX-eM3jqiQxcFOSuiheVtp13DrnZTFYvYk0EEVR9_GUykeWowlhLLot5YFvAS9ZUf3sksnKOjbqJRXXhecQxScPkq8F2OQO9wzM5GVuLV9TMGEmmwvq0qOiWDJoxKGetPbuYga8fBeqIlUne-78dhBtFkBcTDJxgp5XNgsKlEVsZA_JoNdfKuDVws
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame BB56 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=3975831450135493&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
pagead2.googlesyndication.com/bg/ Frame FF15 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:01:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
16634
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15296
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 16:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 15 Nov 2024 18:01:04 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 6ACA 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvjnli4bn186P8NUG2egafQUEfhw6DpzK7Cwn4yaqB7of3onhwa6Uzx3qFeRtJ3e01bLV03U7K4mXGbhluYqIKEzCgGpf5TkJIxwkFSA8ePGDINW44_F9oyOxkwMCJiCarkkH_yMk2cVziE&sai=AMfl-YSagYA0udjX6KdaKBSc68pSawLHeI8GeKCzw4rdQFDb_eY0LrGUWpMZqEbp_-d63LVhRPokOZSUps9cGuD8NYE7wqYD1tl4bU6x_onzUGm9hXK9x9hVbKUaXROGCvF_unx6OXGUb7cD7148WGIs&sig=Cg0ArKJSzCmR_QYjKZmbEAE&cid=CAQSTgDICaaN8XoIEfLE1Q6V3pqJmkSJ3GtjNO9jDrijuvotMY7_X5e-6p5Uxn8_nOgh4mshg_As4ClZxxEeRoGoVF_lsgk5SRiu09qe8nRPvhgB&id=lidar2&mcvt=1007&p=0,0,126,728&mtos=0,0,1007,1007,1007&tos=0,0,1007,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=0.71&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700174296265&rpt=971&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame 34B0 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.202.12 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-202-12.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
16f6a89c89e20586fdb7ed77f218f6af5442e80c8c3116deb2ab0cdd5aae2001

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 22:38:18 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Nov 2023 12:56:28 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=51437
Connection
keep-alive
Content-Length
13230
Expires
Fri, 17 Nov 2023 12:55:35 GMT
khaos.json
token.rubiconproject.com/ Frame 34B0 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
c1913d0f161dfd12bb229b87994a2d1d
Expires
0
dt
dt.adsafeprotected.com/ Frame C168 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=7a654903-c0c5-b0b2-1465-21a9dfb53cd7&tv=%7Bc:ub0Jbm,pingTime:-10,time:1663,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjE1OSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1700174297305%7C%7C482796b88de8bea442a5935e94c6171a%7C%7C1b7de7e82db1163ab7a1342e5def95a8%7C%7Ced282235ab6bf81bd2e43af91c8d1416%7C%7Ce7b3cf40cd46c2d9755fd8532f9bfd00%7C%7C8e3fb72caccd3113b1b4ab7bfc68fe08%7C%7C6f3fd42ff1e332634150520477449d74%7C%7Cd6fff7f3a9477b7f28869586ae1dd585%7C%7C1663701684,sca:%7Bspg:8fda29e4-8b7b-9a3b-8529-f9099e249d77%7D%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7782:12de:a7c6:4ccd:970d Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
server
nginx
x-server-name
dt12.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
generate_204
tpc.googlesyndication.com/ Frame FF15 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?mcEubg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
publishertag.prebid.135.js
static.criteo.net/js/ld/ 		89 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.135.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec/cc7c52ff-f462-471f-b44e-693e487d499a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 24 Feb 2023 07:57:32 GMT
server
nginx
etag
W/"63f86dec-16386"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Nov 2023 22:38:18 GMT
syncframe
gum.criteo.com/ Frame 8A4D 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=wwwproxy.uscho.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 16 Nov 2023 22:38:17 GMT
server
Kestrel
server-processing-duration-in-ticks
1033754
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
publishertag.prebid.js
static.criteo.net/js/ld/ 		96 KB
31 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:18 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 27 Oct 2023 06:43:26 GMT
server
nginx
etag
W/"653b5c0e-1811e"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Nov 2023 22:38:18 GMT
csi
csi.gstatic.com/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=6~lp1rvn86&c=3975831450135493&e=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C31061691%2C31061693&ctx=1&met.6=6.1_Cg0Yvy4gNioGCAYSAhAB
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame 6D48 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=4~lp1rvn85&chm=1&ctx=2&gqid=1plWZcyANo2-9u8P-M2B-As&qqid=CN6YnufKyYIDFU6jmgodVNEGvQ&met.6=6.1_Cg0YmRwgNioGCAQSAhAB
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2CE1 		0
24 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7036186129273&version=m202309260101&ct=76&x=1&cor=3189723862143340000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C168 		0
24 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8197393345798&version=m202309260101&ct=76&x=1&cor=508010325822991700
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sid
mug.criteo.com/ Frame 8A4D
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=uscho.com&sn=ChromeSyncframe&so=3&topUrl=wwwproxy.uscho.com&bundle=83z5wF9hJTJGbzJta3hXODE3WHN3JTJCUmFQTFN4Rmh4NSUyRnFwdWl6Y3IyQSUyRm1qUzB...
  • https://mug.criteo.com/sid?cpp=VCqI8Xx6OStrNWZ0WGRBSW5yU1ZKWksxbldhU1VHcXVCM2o4M1liblIyclRIbTZobU9zd0RhU3h2dE9hT1lVMVh0MnRNREtPOW9aNXpKSUpid2ExdnJLSlZLOStSZEJjT0NOYmhlV0NBZDJPRXordU9BRndrVlBJYWYxMk...
444 B
658 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=VCqI8Xx6OStrNWZ0WGRBSW5yU1ZKWksxbldhU1VHcXVCM2o4M1liblIyclRIbTZobU9zd0RhU3h2dE9hT1lVMVh0MnRNREtPOW9aNXpKSUpid2ExdnJLSlZLOStSZEJjT0NOYmhlV0NBZDJPRXordU9BRndrVlBJYWYxMkx0TXRObWprNHRMTit2cnNvQXZzNjRzNW5GdW4xWjI2ZVdFTWRVQ2ptVit0NmJFOFNqWmZtMTg0Z2JERFV0eER0aWkydmRmSVhDVE9nb2syQ3NmNWh1NW5SVlV3L1FuMHNreWpNaXNYNnJBMlE3VzZYQTJUNWNFV1l0Um5rVzhrQVR5ZDN1MmtXV0hKeTcvSVVIeklPZXNFY0IwYkpaamFyTGZEdnA5V2trZWVYVUUxUS9QZz18&cppv=2
Protocol
H2
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
274b42bafcda176dc29defdd920da76c7e7828a8c90309704b83bea9acf457f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
597654
expires
0

Redirect headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:17 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=VCqI8Xx6OStrNWZ0WGRBSW5yU1ZKWksxbldhU1VHcXVCM2o4M1liblIyclRIbTZobU9zd0RhU3h2dE9hT1lVMVh0MnRNREtPOW9aNXpKSUpid2ExdnJLSlZLOStSZEJjT0NOYmhlV0NBZDJPRXordU9BRndrVlBJYWYxMkx0TXRObWprNHRMTit2cnNvQXZzNjRzNW5GdW4xWjI2ZVdFTWRVQ2ptVit0NmJFOFNqWmZtMTg0Z2JERFV0eER0aWkydmRmSVhDVE9nb2syQ3NmNWh1NW5SVlV3L1FuMHNreWpNaXNYNnJBMlE3VzZYQTJUNWNFV1l0Um5rVzhrQVR5ZDN1MmtXV0hKeTcvSVVIeklPZXNFY0IwYkpaamFyTGZEdnA5V2trZWVYVUUxUS9QZz18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
301007
content-length
0
expires
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame B338 		0
24 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3202563391326&version=m202309260101&ct=76&x=1&cor=7448453724097452000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 6ACA 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuBW1fLrp8ZPK3tgb_fLWY9Z-Es7eh6vlOtb8z9UZ5BRZjWmTsfWzLEDy9FN4qNbZXZS6tBpfqHRr6DsKEHvoFYERJs2nyT3wyaNQJ3KPipK-1ZXvpDZjh4fQ&sig=Cg0ArKJSzPeiK6Wh5m5vEAE&id=lidar2&mcvt=1093&p=18,0,108,728&mtos=0,1093,1093,1093,1093&tos=0,1093,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=0.8&if=1&vu=1&app=0&itpl=34&adk=3430571814&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700174296265&rpt=1388&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tracking-event
api.webgains.io/ Frame D543 		16 B
209 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.webgains.io/tracking-event
Requested by
Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.132.19.32 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-132-19-32.eu-west-2.compute.amazonaws.com
Software
nginx / PHP/8.1.14
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 16 Nov 2023 22:38:19 GMT
x-content-type-options
nosniff
server
nginx
x-powered-by
PHP/8.1.14
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
x-xss-protection
1; mode=block
csi
csi.gstatic.com/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=7~lp1rvopk&c=3975831450135493&e=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C31061691%2C31061693&ctx=1&met.6=6.1_CgsYmDAgMioECAgSAAoNGP4wID4qBggGEgIQAQ
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame 6D48 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=5~lp1rvopk&chm=1&ctx=2&gqid=1plWZcyANo2-9u8P-M2B-As&qqid=CN6YnufKyYIDFU6jmgodVNEGvQ&met.6=6.1_CgsY8h0gMioECAgSAAoNGNgeID4qBggEEgIQAQ
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tracking-event
api.webgains.io/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.webgains.io/tracking-event
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.132.19.32 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-132-19-32.eu-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
*
date
Thu, 16 Nov 2023 22:38:18 GMT
server
nginx
gen_204
pagead2.googlesyndication.com/pagead/ Frame D397 		0
24 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4297570690367&version=m202309260101&ct=77&x=1&cor=11498287611133712000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=3975831450135493&bg=!ODulO3TNAAZxrfrxUa07ADQBe5WfOFS_CgKU1oS72HlDvrptCnuydWS62JdiwKckIHrJTI5swh3r9_JA3-MkBeAuam3jAgAAAFtSAAAAAmgBBwoAXH0sG3dEP36phleE6PUJ2R7HPClVtQT8YLrkSX4UCUj2y9t7k1i3Mt_7z2FIiD-y2sdTUsCAQ5sm4mLNIGHL4ba_Iu530FfO9Vd0N0arCyiiQr6ZpUHk_hN1ndOmmQLNy64i-6ccTGRkphpYne0WZJ5EXEq5cEKbdhGEalKIvPw_SmBErPPiG6r1WBMU0uHh_TI2c_oQjKRAx0-qyT4LQY_if8US_uEZx1Q9LzvMnhJj3a3qR_Vp3bTGQV05vGbP_mQHpc6lgJd3S23YqKdguIgb1TIIJaeODqUHH_css-EWKmDALtQ-n9GQvXS8YyEAcngGoKzEmygRE6DeHkmJu1psOxsgmk8giVaJ-rUnc1hsIUZRrRsV6XDTvr_lbYG-iSIqYi-FU_we1Y8iZvxjxTi26B9o44uiYDe5g1xJKMScUrFBjbOMnCD9zJQ5JyRLOhoKES_-zO1XFX_aylKGToEvodyqo7tWbfgSq9dgLv2nDrc5Iz17rIXiW0ud2830eaTuhwWXB01oEjr_vePHT5IKZF_KUnZWAmQXrmdALcWMUEEHIqkaHbw_YzkBNyiiXRKWoAd_0aUqikDr8xypxIayLJVDf8OPKA5e5V-kvvtfOkTgIhVanrui_bh9Ev0isJnWrIVBXQhw-WMx9foTwpkNKUIT7mKjFk6jtiAGrEKZfQLa3gIhAcMYbvOwfhijwQRe6_bVBxFVkSkCRLujrnHvfn6_Dv58htk9SaKSil7ds25F9xAkKmzgkP5QNymTy6LHohJxzfCyE6pPY2Znoktmg22ID_AdyVebmQZSW1pRZC4VqtlRbbW4Wz-PRp1xXDnE1ZWIRkF-I79bOlfFo57EqS4a2Z8uuAR3cmCJ6CCtyuKA_DsgIhPS1hswDibhh5_3wkAFtGwLs3dHpLNZU1TTj5MlZW1LPjSsfDcRFsW8rGDD7C_G2fViFdnY_DUlO2v3rERXwZfHx92GErG0s06BcWEQtCda-WJLJvqGOTTSuNfe2QGT4TR51v-S7K-A7O_MEvjyDkGDtOIg8wsB4UsQAQR1Ue4DFb4mowpjKrEV5dupmW7o-G3gjCB0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6ACA 		0
24 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=692487048705&version=m202309260101&ct=77&x=1&cor=11775103312522355000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D543 		0
25 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8674003195043&version=m202309260101&ct=77&x=1&cor=16422682046585133000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=8~lp1rvox8&c=3975831450135493&e=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C31061691%2C31061693&ctx=1&met.3=76.1wg_1~894.1wq~894.1wq~1132.1wx_9~1132.1x6_3~808.1xa~808.1xa~808.1xa~808.1xa~243.48y_1&met.9=9.0~9.0~3_1.1x9~3_4.1x9~7_1.0~7_4.0&met.7=CBsQAiCzDTjwBcAB6J61-AI~CBsQAiC0DTjcBcABsOCTgwM~CBsQAiC1DTiQBsAB_Jv8sgI~CBsQDSDqDjicBMABzIvxugo~CBsQBhgBIN8SKN8SMO8SOBDAAeiswYIE~CBsQBhgBIN8SKN8SMMITOGPAAYbNpYUC~CBMQAhgBIPISKPISMIcTOBZo8xJwhxN4hr0BgAHaugGIAejtAqoBEwoNcHJhZ2F0aW5hcnJvdxAFGASwAQG4AQPAAYuTsrUH~CBMQAhgBIPISKPISMIYTOBRo8xJwghN4pLoBgAH4twGIAczgAqoBEwoNcHJhZ2F0aW5hcnJvdxAFGASwAQG4AQPAAfn19IkK~CBsQDSCeEjh2wAHRso6SBQ~CBsQChgBIM8SKM8SMI4TOD_AAazOitkD~CBsQARgBIKETKKETMLQTOBPAAaSg_KUH~CBsQAiC2DTjKBsABt-na5gE~CBsQAiDlDTiUBsABwZ267AE~CBsQAiDlDTieBsAB28aqqAQ~CBsQBSC9Eji4AcABodv29gE~CBsQDSD_EjhjwAGP8cqZCA~CBsQDSCSEzhqwAGV8OKhBg~CBsQAiD4EzhjwAGk6s_CDQ~CBsQAiD4EzhjwAHxytbYAQ~CBsQAiC2DTjdB8AB05nwmw0~CBsQBSDIEjjhAsAB2JOO7QE~CBsQBRgBIL8TKL8TMKYUOGdQzxNY8xNg3BNo9BNwpRR4iReAAd0UiAGSMLABAbgBA8ABh4HgdQ~CBsQARgBIPIUKPIUMIMVOBLAAaSg_KUH~CBsQDSDIEjjxAsABqbaXnwo~CBsQDSDkEjjZAsABq9X_Eg~CAUQBRgBIKYSKKYSMJMWOOwDaKoScIoWeMm1AoABnbMCiAHR0QawAQG4AQPAAZDHsvAI~CA8QBBgBIL0TKL0TMK0WOPACaL4TcKQWeLrdAoABjtsCiAGL-gWwAQG4AQPAAb_emusG~CBsQAiD4EzjcAsAB8oSp_Aw~CBsQAiD4EzjnAsABx9PKzwo~CAUQBRgBIO0SKO0SMMEWONQDaO4ScLAWePLeAoABxtwCiAGB-QWwAQG4AQPAAZDHsvAI~CAUQBRgBINARKNARMOEWOJEFaNIRcN0WeIaNAYAB2ooBiAGY-AKwAQG4AQPAAZDHsvAI~CAUQBRgBIOITKOITMOsWOIkDaOQTcOkWeJVdgAHpWogBhtQBsAEBuAEDwAGQx7LwCA~CAUQBRgBIIAUKIAUMOwWOOwCaIMUcOsWeI5dgAHiWogBgdQBsAEBuAEDwAGQx7LwCA~CBsQBRgBINEWKNEWMOUWOBRo1hZw5BZ4iReAAd0UiAGSMLABAbgBA8ABh4HgdQ~CAUQBRgBIPYRKPYRMJ0XOKcFaPgRcJcXeITWAoAB2NMCiAGYsQiwAQG4AQPAAZDHsvAI~CBsQARgBILIYKLIYMMUYOBPAAaSg_KUH~CA8QBBgBIL4TKL4TMMcYOIoFaL4TcMYYeL5lgAGSY4gBw-kBsAEBuAEDwAG_3prrBg~CAUQBRgBIJAUKJAUMKUXOJYDaJEUcKQXeIdrgAHbaIgBqZcCsAEBuAEDwAGQx7LwCA~CBsQBSCwGDibAsABl4XXrAo~CBwQChgBIMEYKMEYMPIYODFowRhw6hh4oLYDgAH0swOIAdr-CbABAbgBA8ABprnIiQY~CAUQBRgBIJcTKJcTMOAYOMoFaJgTcN8YeJldgAHtWogB2dMBsAEBuAEDwAGQx7LwCA~CBsQBRgBIKgaKKgaMMIaOBposxpwwRp4iReAAd0UiAGSMLABAbgBA8ABh4HgdQ~CCgQBRgBIKUbKKUbMLUbOBBoqBtwtBt4wiKAAZYgiAHxRrABAbgBA8ABq62BvwE~CBsQARgBIKcgKKcgMLsgOBPAAaSg_KUH~CBsQCDjcKsABsfXzggM~CCcQDRgBINwqKNwqMJ0rOEFo3CpwnCt4pWKAAflfiAGTf7ABAbgBA8AB8_LLrgs~CBsQDSDjKjgSwAHVkdO8Aw~CBsQDSDvKjgywAHmienfCA~CBsQDSDwKjhHwAGYu4__DA~CBsQBSCNKzhNwAGqnoXRDA~CBsQDSDwKjhtwAHAq5a_Ag~CBsQBSCQKzhewAHXnYXRDA~CBsQBSCRKziPAcAByIP08gc~CBsQDSC0Kzg9wAHSxKyeBQ~CBsQBSCJKzilAcABndDmmQk~CCcQChgBILErKLErMP4rOE3AAeLBm9oF~CBsQBSCLKzipAcABvLfV6Aw~CBsQBSCUKzijAcAByIP08gc~CBsQDSCTLDgtwAHw4ZnJCQ~CCcQBRgBILAsKLAsMNIsOCPAAZmVn6AL~CBsQBRgBILIsKLIsMNosOCjAAc_G2uIB~CBsQBSCSKzjSAcABiaTJzQo~CBsQBSCKKzisAsABuqDKkAo~CBsQBSCKKziSA8ABs-n1_wI~CBsQCiCULjgWwAGi7aODBw~CBsQDSC8Ljg5wAGQmoHGDA~CBsQBSC1LjjDAsABodv29gE~CBsQARgBIKkvKKkvMLsvOBLAAaSg_KUH~CBsQARgBIL4xKL4xMNkxOBvAAaSg_KUH~CBwQBhgBIP8xKP8xMLIyODPAAaHZ1rIJ&met.1=1.lp1rvk1a~6.7y~7.7z~8.7z~9.7z~10.ey~11.bf~12.ey~13.me~14.ps~15.mh~16.1tx~17.1tx~18.1uo~19.47s~20.47s~21.47w~22.1cz~23.1cz
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:19 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lp1rvlz4&ctx=0&met.3=112.1xu_1~1032.1y6~326.1y6~832.1y7~868.1y7~216.1y6_1~215.1y6_1~889.1y8~639.1yb~1032.1yy~326.1yz~832.1yz~868.1yz~216.1yy_2~215.1yy_2~889.1z1~639.1z5~1032.1zg~326.1zg~832.1zg~868.1zg~216.1zg_1~215.1zg_1~889.1zi~639.220~246.229_1~1032.22m~216.22m~215.22m_1~639.22m~646.27i_1~800.27k~800.27k~800.27k~800.27k~800.27k~647.27k~965.27m_1~947.27w~573.27w~598.27w~947.27y~947.27y~574.27y~54.27y~598.27y~598.27z~355.27z~598.27z~583.27z~54.27z~598.27z~801.28m~801.28m~825.28m~355.28m~825.28m~598.28m~51.28m~598.28n~52.28n~76.28n~52.28n~708.28m_1~598.28n~708.28n~76.29d~76.29d~246.2eq~429.2f4~680.2f5~680.2fk~824.2fk~824.2fk~680.2h3~168.2h3~168.2h3~168.2h3~168.2h3~168.2h3~168.2h3~168.2h3_1~168.2h3_1~168.2h5~168.2h5~168.2h5~168.2h5~168.2h5~168.2h5~168.2h5~168.2h5~168.2h5~168.2h5~168.2h5~168.2h5~168.2h5~168.2h5~168.2h5~680.2h5~680.2h6~646.2l8~800.2l8~800.2l8~800.2l8~800.2l8~800.2l8~647.2l8~965.2l9~947.2ld~573.2ld~598.2ld~598.2ld~947.2ld~947.2le~574.2le~54.2le~598.2le~598.2le~355.2le~598.2le~598.2le~355.2le~598.2le~583.2le~54.2le~598.2le~801.2lo~801.2lo~825.2lp~355.2lp~825.2lp~598.2lp~51.2lp~598.2lp~52.2lp~76.2lp~52.2lp~708.2lp_2~598.2lr~708.2lr~680.2n2~680.2n2~76.2np~76.2np~680.2nq~680.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~168.2nq~680.2nq~680.2nq~680.2nr~680.2nr~680.2os~680.2os~210.2ow_1~1032.2oy~326.2oy~832.2oy~868.2oy~164.2ox_1~165.2ox_2~466.2ox_2~522.2ox_2~1013.2p5~525.2p0_p~639.2pp~264.2ry~680.2ty~680.2ty~824.2ty~824.2ty~680.2u0~824.2u0~824.2u0~680.2u0~264.2u0~680.2v2~680.2v2~168.2v2~168.2v2~168.2v2~168.2v2~168.2v2~168.2v2~168.2v2~168.2v2~168.2v2~168.2v3~168.2v3~168.2v3~168.2v3~168.2v3~168.2v3~168.2v3~168.2v3~168.2v3~168.2v3~168.2v3~168.2v3~168.2v3~168.2v3~680.2v3~680.2v3~168.2v3~168.2v3~680.2v3~680.2v3~264.2wa~680.2wq~680.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wq~168.2wr~168.2wr~168.2wr~168.2wr~168.2wr~168.2wr~680.2wr~680.2wr~168.2wr~168.2wr~680.2wr~680.2wr~680.2ws~680.2ws~680.2x2~680.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x2~168.2x3~168.2x3~168.2x3~680.2x3~680.2x3~168.2x3~168.2x3~680.2x3~680.2x3~680.2x4~680.2x4~264.2x6~415.2xo~844.2xo~844.2xo~598.2xo~710.2xo~264.2z9~1121.30m~783.30m~264.318~680.31b~680.31b~168.31b~168.31b~168.31b~168.31b~168.31b~168.31b~168.31b~168.31b~168.31b~168.31b~168.31b~168.31b~168.31b~168.31b~168.31c~168.31c~168.31c~168.31c~168.31c~168.31c~168.31c~168.31c~168.31c~680.31c~680.31c~168.31c~168.31c~680.31d~680.31d~680.31h~680.31h~76.31h~76.31h~680.322~680.322~264.34w~680.36n~680.36n~246.36v~680.36x~680.36x~264.374~264.39f~680.39k~680.39k~264.3c8~264.3dy~76.3e8~76.3e8~264.3ey~264.3ga~264.3h1~264.3j6~264.3l2~264.3o6~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~168.3pp~680.3pp~680.3pp~168.3pp~168.3pp~168.3pp~680.3pq~680.3pq~680.3pr~680.3pr~680.3q6~680.3q6~824.3q6~824.3q6~257.3qw~264.3qw~680.3rq~680.3rq~264.3tu~76.3u8~76.3u8~168.3ui~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~168.3uj~680.3uj~680.3uj~168.3uj~168.3uj~680.3uk~680.3uk~680.3ul~680.3ul~680.40k~680.40k~415.41v~844.41v~844.41v~598.41v~710.41v~783.44f~1121.44f~273.462~76.468~76.468~94.47v~113.48x_2~113.48z~680.4ey~680.4ey~76.4j6~76.4j6~246.4o9~246.4vy~680.4vz~680.4vz~76.4xj~76.4xk~680.4xs~680.4xs&met.9=4_1.27j~5_1.27s~4_4.2l8~5_4.2lc~6_1.2xo~6_4.41v
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/rum_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:19 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame C266 		0
599 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:19 GMT
an-x-request-uuid
50b84648-8587-4595-af3d-fe96b2cbd189
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
cache-control
no-store, no-cache, private
x-proxy-origin
178.162.209.140; 178.162.209.140; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
fafdbd90-5bf0-4794-b385-facb449599dc.js
product.instiengage.com/ceu-code/ Frame D6DE 		370 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://product.instiengage.com/ceu-code/fafdbd90-5bf0-4794-b385-facb449599dc.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/dca06727-89e0-43d6-81ef-b6dbc6a5c4ec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:25a2:1800:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2fb654676deeb5fb4fcf63837bb61856610ee36b07cd5c67b843a38af9fdb948

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
RgoK6s3IHxcELRW_0KrqPleBUChYLUKB
content-encoding
br
via
1.1 2177a1d449a3e8dc7269040f15d81cb0.cloudfront.net (CloudFront)
date
Thu, 16 Nov 2023 22:38:21 GMT
last-modified
Thu, 21 Sep 2023 06:14:05 GMT
server
AmazonS3
x-amz-cf-pop
ZRH55-P1
x-amz-server-side-encryption
AES256
etag
W/"7e8e97b261f99657942d007585e57dc1"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=3600,public
x-amz-cf-id
p9_YH92_t5MimJFqWjBXwUu2Zx6ClAG441-SO9iSQt6P06ImLHcD7A==
collect
region1.analytics.google.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-K9F26MDDX7&gtm=45je3b81v9105504737&_p=1700174294219&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=2044206632.1700174295&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEII&sid=1700174294&sct=1&seg=0&dl=https%3A%2F%2Fwwwproxy.uscho.com%2F&dt=Men%E2%80%99s%20DI%20College%20Hockey%20-%20College%20Hockey%20%7C%20USCHO.com&_s=2&tfd=7924
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K9F26MDDX7&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:20 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1637000408&t=pageview&_s=1&dl=https%3A%2F%2Fwwwproxy.uscho.com%2F&dp=%2Fdca06727-89e0-43d6-81ef-b6dbc6a5c4ec&ul=en-us&de=UTF-8&dt=Men%E2%80%99s%20DI%20College%20Hockey%20-%20College%20Hockey%20%7C%20USCHO.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAACAAI~&jid=113238102&gjid=1451817903&cid=2044206632.1700174295&tid=UA-123718506-11&_gid=1959391491.1700174295&_r=1&_slc=1&z=671993265
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:20 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
geoip.instiengage.com/json/ Frame D6DE 		247 B
435 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geoip.instiengage.com/json/
Requested by
Host: product.instiengage.com
URL: https://product.instiengage.com/ceu-code/fafdbd90-5bf0-4794-b385-facb449599dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.172.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-172-61.compute-1.amazonaws.com
Software
/
Resource Hash
dcb07f18cc22ff5d5d8e4850ac3d93b32dc933e747fb6c865a87ed757da128f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:20 GMT
access-control-allow-credentials
true
x-database-date
Thu, 16 Nov 2023 22:10:08 GMT
content-length
247
vary
Origin
content-type
application/json
logo-insticator-light-opt.png
static.instiengage.com/files/images/embed4.0/app/ Frame D6DE 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.instiengage.com/files/images/embed4.0/app/logo-insticator-light-opt.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:ea00:17:5bae:c7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c7ed7ef9182dc5206d1b7a8038bcfe2b57fc1be96d78b75152e9b713ca4ef2d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
T2IjPTIo4qchLnC2G3GrIcEa98kcWaxz
date
Thu, 16 Nov 2023 22:34:09 GMT
via
1.1 0434556f8ccac61e8735f7c75767727c.cloudfront.net (CloudFront)
last-modified
Wed, 13 Jul 2022 16:30:10 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
age
253
etag
"591958545714b5567fc57c2f4c215b1c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
x-amz-replication-status
REPLICA
accept-ranges
bytes
content-length
3973
x-amz-cf-id
quLnwgupYFP3LjK3q4zZfaRH7vNYr5tlFHhOMFJ_OU6O6JjlwPykHQ==
icon-check.png
static.instiengage.com/files/images/embed4.0/app/ Frame D6DE 		649 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.instiengage.com/files/images/embed4.0/app/icon-check.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:ea00:17:5bae:c7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
151c4c52c25dd28c33321aaaeabe879c4814087d4eaf7545d93f5d81d4d1c4f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
LAzj2T9To4nJbbC7ZHWfpQpTuFxrgcvY
date
Thu, 16 Nov 2023 22:36:38 GMT
via
1.1 0434556f8ccac61e8735f7c75767727c.cloudfront.net (CloudFront)
last-modified
Wed, 06 Oct 2021 18:59:06 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
age
104
etag
"b673377b664a0b33454c267d911fcfc1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
649
x-amz-cf-id
4vucY_igw2AiQ3F5iN8T9RSy0bLfyWtC2VMKrqYBm3M7wRAAdgDgYw==
graphic-ooc-opt.png
static.instiengage.com/files/images/embed4.0/app/ Frame D6DE 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.instiengage.com/files/images/embed4.0/app/graphic-ooc-opt.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:ea00:17:5bae:c7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
695ce10188e5306fcbf679b7cc125b6eac681d124a85a5908bbd8d0079a47e9a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
eOMnJSzBI81wb4OK.n4S.oHVD4IqRrSP
date
Thu, 16 Nov 2023 22:36:35 GMT
via
1.1 0434556f8ccac61e8735f7c75767727c.cloudfront.net (CloudFront)
last-modified
Wed, 06 Oct 2021 18:59:05 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
age
109
etag
"3b5c1361f893cc23b07c2f3cc48cee32"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
4833
x-amz-cf-id
UK9xyjk7EAtPwaaN0fb1SQYQMhnjheSjGIWZKYkY8yEVouXLvH0XDQ==
contents
cms.instiengage.com/v3/ Frame D6DE 		19 KB
19 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cms.instiengage.com/v3/contents?embed_uuid=fafdbd90-5bf0-4794-b385-facb449599dc&cookie_id=null&content_order=RANDOM&for_embed=true&content_count=20
Requested by
Host: product.instiengage.com
URL: https://product.instiengage.com/ceu-code/fafdbd90-5bf0-4794-b385-facb449599dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.172.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-172-61.compute-1.amazonaws.com
Software
/
Resource Hash
dc001916f69a33b4599ef0d5c417ab64605883e41f6fca731bbfbb0e0697ea12

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin
https://wwwproxy.uscho.com
date
Thu, 16 Nov 2023 22:38:21 GMT
access-control-allow-credentials
true
content-length
19603
vary
Origin
content-type
application/json
05132cb7-1afc-47b8-a123-7c3caa41b043
static.instiengage.com/client_logos/c8afe158-72c1-454b-9574-c150e9630cb3/ Frame D6DE 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.instiengage.com/client_logos/c8afe158-72c1-454b-9574-c150e9630cb3/05132cb7-1afc-47b8-a123-7c3caa41b043
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:ea00:17:5bae:c7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b815630bf19d827a051c35d8619caf761d0af5df6452ffb8881b353061c79e28

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
9W.sQHDxekc1YnmnD8ftQqLe4NBYJg0Z
date
Thu, 16 Nov 2023 22:38:22 GMT
via
1.1 0434556f8ccac61e8735f7c75767727c.cloudfront.net (CloudFront)
last-modified
Wed, 06 Oct 2021 15:10:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"76f767b42fbdb7a25a817ff3c137cb72"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/octet-stream
cache-control
max-age=31536000,public
accept-ranges
bytes
content-length
2623
x-amz-cf-id
5XASmPkQO6uU197uccPok_rdfWshPoFFevp-Jgy60eo1_4JTkjXpQg==
csi
csi.gstatic.com/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=9~lp1rvp3r&c=3975831450135493&e=44759876%2C44759927%2C44759837%2C31079606%2C31078301%2C31061691%2C31061693&ctx=1&met.6=6.1_CgsYj0EgSyoECAgSAA
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:20 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame 6D48 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=6~lp1rvox9&chm=1&ctx=2&gqid=1plWZcyANo2-9u8P-M2B-As&qqid=CN6YnufKyYIDFU6jmgodVNEGvQ&met.6=6.1_CgsY6C4gSyoECAgSAA
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:20 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
70 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-123718506-11&cid=2044206632.1700174295&jid=113238102&gjid=1451817903&_gid=1959391491.1700174295&_u=aEDAAUABAAAAACAAI~&z=1168166443
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 16 Nov 2023 22:38:20 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://wwwproxy.uscho.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-123718506-11&cid=2044206632.1700174295&jid=113238102&_u=aEDAAUABAAAAACAAI~&z=556900964
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:20 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-123718506-11&cid=2044206632.1700174295&jid=113238102&_u=aEDAAUABAAAAACAAI~&z=556900964
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Nov 2023 22:38:20 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
be2ea1a6-c169-43a9-97a5-3868f04ae216
static.instiengage.com/client_images/c8afe158-72c1-454b-9574-c150e9630cb3/ Frame D6DE 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.instiengage.com/client_images/c8afe158-72c1-454b-9574-c150e9630cb3/be2ea1a6-c169-43a9-97a5-3868f04ae216
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:ea00:17:5bae:c7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d3fac33385fe22ffb654f46efadb3ab0b4f2f9221a3557660b0fad4bd582c542

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 22:38:22 GMT
x-amz-version-id
iCEEY12n1KssbSftGfLBg9jzrqUJfesp
via
1.1 0434556f8ccac61e8735f7c75767727c.cloudfront.net (CloudFront)
last-modified
Wed, 06 Oct 2021 15:16:12 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
"5aa0d005cb1d2b8ed532eef82b238a44"
x-cache
Miss from cloudfront
content-type
application/octet-stream
cache-control
max-age=31536000,public
accept-ranges
bytes
content-length
23936
x-amz-cf-id
TDSyylElhm58vh4nt1fZp93eRE_8qEUXRNFOjucoG8oSdgRWEZ6LQw==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sync.search.spotxchange.com
URL
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEHFiNkHd4i6JIbZSLONTB3g&google_cver=1
Domain
sync.search.spotxchange.com
URL
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID

Verdicts & Comments Add Verdict or Comment

399 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| 28 object| 29 object| 30 object| 31 object| 32 object| 33 object| 34 object| 35 object| 36 object| 37 object| documentPictureInPicture object| d string| jsonURL string| todayDate string| season object| Insticator object| $jscomp function| $jscomp$lookupPolyfilledValue boolean| headerTagInjected number| insticator_tg boolean| abpStatus object| federatedObj object| instBid object| instBidChunk object| _pbjsGlobals undefined| $ function| jQuery function| createCookie function| readCookie function| showdd function| hidedd function| chgWindow function| switchPlayer function| switchTeam function| switchCoaches function| showNext function| showSubmit function| unset function| indicator function| teamdd function| teamddclose function| chgHtml number| ddopen string| logoURL string| scoreURL string| enableDays string| confName number| init number| refreshTime number| scoresWidth object| timer number| gameDay number| scrollInit function| refreshGames function| initLoadScroll function| initScroll function| refreshCurrent function| refreshScores object| bootstrap object| bootstrapTable function| gtag object| dataLayer object| adsbygoogle object| tdwGlobal object| tdBlocksArray function| tdBlock object| tdLocalCache object| td_viewport_interval_list string| tdc_is_installed string| td_ajax_url string| td_get_template_directory_uri string| tds_snap_menu string| tds_logo_on_sticky string| tds_header_style string| td_please_wait string| td_email_user_pass_incorrect string| td_email_user_incorrect string| td_email_incorrect string| tds_more_articles_on_post_enable string| tds_more_articles_on_post_time_to_wait number| tds_more_articles_on_post_pages_distance_from_top string| tds_theme_color_site_wide string| tds_smart_sidebar string| tdThemeName string| td_magnific_popup_translation_tPrev string| td_magnific_popup_translation_tNext string| td_magnific_popup_translation_tCounter string| td_magnific_popup_translation_ajax_tError string| td_magnific_popup_translation_image_tError string| tdBlockNonce string| tdsDateFormat object| tdDateNamesI18n string| td_ad_background_click_link string| td_ad_background_click_target object| block_td_uid_7_65568c560fc7f object| block_td_uid_12_65568c561c8f6 object| block_td_uid_22_65568c562f709 object| block_td_uid_26_65568c5650791 object| block_td_uid_40_65568c56610f7 object| block_td_uid_45_65568c56665d4 object| block_td_uid_52_65568c566dd5d object| block_td_uid_57_65568c567299c object| _qevents object| scriptParams object| InsticatorApp string| insticatorHeaderCodeVersion boolean| isPageviewSent object| insticatorCommentingUnitSettings object| settings object| googletag object| confiant object| Criteo object| ggeac object| google_tag_data object| google_js_reporting_queue object| google_tag_manager function| quantserve function| __qc object| ezt object| _qoptions object| __gcse string| GoogleAnalyticsObject function| ga object| abadiv function| _createClass function| _classCallCheck function| RocketBrowserCompatibilityChecker object| RocketPreloadLinksConfig object| tdAnalytics object| tdDetect object| tdViewport object| tdMenu object| tdUtil object| tdAffix function| td_smart_list_dropdown object| td_more_articles_box undefined| td_resize_timer_id function| td_done_resizing function| td_resize_videos function| td_mobile_menu function| td_mobile_menu_toogle function| td_retina function| td_read_site_cookie function| td_set_cookies_life boolean| tdIsScrollingAnimation boolean| td_mouse_wheel_or_touch_moved boolean| td_scroll_to_top_is_visible function| td_events_scroll_scroll_to_top function| td_post_template_6_title function| td_smart_lists_magnific_popup function| td_get_document_width function| td_get_document_height function| setMenuMinHeight function| td_comments_form_validation function| td_scroll_to_class function| td_helper_scroll_to_class object| tdLoadingBox object| tdAjaxSearch string| tdModalImageLastEl object| tdBlocks object| tdLogin object| tdLoginMob object| tdDemoMenu object| tdTrendingNow object| td_history object| tdSmartSidebar object| tdInfiniteLoader function| Froogaloop object| tdCustomEvents object| tdEvents object| tdHeader object| tdAjaxCount object| tdYoutubePlayers object| tdVimeoPlayers function| td_resize_smartlist_slides function| td_resize_smartlist_sliders_and_update function| td_resize_normal_slide function| td_resize_normal_slide_and_update object| tdPullDown object| td_fps object| tdAnimationScroll object| tdHomepageFull object| tdBackstr object| tdAnimationStack function| td_compute_parallax_background function| td_compute_backstretch_item object| td_backstretch_items object| tdAjaxLoop object| tdWeather object| tdAnimationSprite function| td_date_i18n object| tdSocialSharing function| tdModalImage function| $f number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_sa_queue function| google_process_slots number| google_rum_task_id_counter function| google_spfd number| google_unique_id object| google_sv_map string| google_user_agent_client_hint object| __bt object| __bt_intrnl object| __bt_tag_d object| __bt_tag_am object| google_rum_config object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady function| google_sa_impl number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| module$exports$cse$search object| module$exports$cse$CustomImageSearch object| module$exports$cse$CustomWebSearch object| google object| module$exports$cse$searchcontrol object| module$exports$cse$customsearchcontrol boolean| __bt_already_invoked object| _google_rum_ns_ object| regeneratorRuntime function| Popper object| __uid2SecureSignalProvider object| __uid2 object| ox_esp object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_144 object| Criteo_identitytag_144 object| InsticatorXmess function| _googCsa number| nextSearchboxId object| pbjs function| lotameIsCompatible function| sync16589_aa function| sync16589_c undefined| sync16589_d undefined| sync16589_ba undefined| sync16589_e function| sync16589_f object| sync16589_h function| sync16589_ca function| sync16589_j function| sync16589_da object| sync16589_ object| sync16589_ga object| sync16589_v object| sync16589_oa object| sync16589_xa object| sync16589_ya function| sync16589_a function| sync16589_b function| sync16589_g function| sync16589_i function| sync16589_k function| sync16589_l function| sync16589_m function| sync16589_n function| sync16589_o function| sync16589_p function| sync16589_q function| sync16589_r function| sync16589_fa function| sync16589_ea function| sync16589_s function| sync16589_t function| sync16589_u function| sync16589_w function| sync16589_ha function| sync16589_ia function| sync16589_y function| sync16589_ja function| sync16589_z function| sync16589_A function| sync16589_x function| sync16589_B function| sync16589_ka function| sync16589_C function| sync16589_D function| sync16589_E function| sync16589_F function| sync16589_G function| sync16589_H function| sync16589_I function| sync16589_J function| sync16589_K function| sync16589_L function| sync16589_la function| sync16589_ma function| sync16589_na function| sync16589_M function| sync16589_N function| sync16589_pa function| sync16589_O function| sync16589_qa function| sync16589_ra function| sync16589_sa function| sync16589_P function| sync16589_ta function| sync16589_ua function| sync16589_va function| sync16589_wa function| sync16589_Q function| sync16589_R function| sync16589_za function| sync16589_S function| sync16589_T function| sync16589_U function| sync16589_V function| sync16589_Aa function| sync16589_W function| sync16589_X function| sync16589_Y function| sync16589_Z function| sync16589__ function| sync16589_0 function| sync16589_Ea function| sync16589_Ba function| sync16589_1 function| sync16589_Da function| sync16589_Ca function| sync16589_2 function| sync16589_3 function| sync16589_4 function| sync16589_5 function| sync16589_Ga function| sync16589_Ha function| sync16589_Ja function| sync16589_Fa function| sync16589_7 function| sync16589_Ia function| sync16589_La function| sync16589_Ka function| sync16589_8 function| sync16589_6 function| sync16589_9 function| sync16589_Ma function| sync16589_Na function| sync16589_Oa function| sync16589_Pa function| sync16589_$ function| sync16589_Qa function| sync16589_Ra function| sync16589_Sa function| sync16589_Ta object| lotame_sync_16589 object| _33across function| date undefined| dates number| game_cnt object| game string| thisGame number| googleNDT_ number| googleAltLoader undefined| google_timing_params object| google_llp undefined| google_rum_values object| GoogleGcLKhOms object| criteo_pubtag_prebid_135 object| Criteo_prebid_135 object| google_image_requests

73 Cookies

Domain/Path Name / Value
i.liadm.com/s Name: _li_ss
Value: ChMKBgjdARDBFgoJCP____8HEMsW
i6.liadm.com/s Name: _li_ss
Value: CgA
.uscho.com/ Name: InstiSession
Value: eyJpZCI6Ijg3ODIyMzNmLTAxM2UtNGY3OS1iZjczLWM5YTkzOGM1ZDlmMSIsInJlZmVycmVyIjoiIiwiY2FtcGFpZ24iOnsic291cmNlIjpudWxsLCJtZWRpdW0iOm51bGwsImNhbXBhaWduIjpudWxsLCJ0ZXJtIjpudWxsLCJjb250ZW50IjpudWxsfX0=
wwwproxy.uscho.com/ Name: instiPubProvided
Value: ba58db7b-bd46-4442-852e-be5f7e204cee
wwwproxy.uscho.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.uscho.com/ Name: _pubcid
Value: 83b49162-0258-4220-a42d-d81519ad0867
.uscho.com/ Name: instUid
Value: cb047f61-843e-4b73-95f4-cdfc29323fad
.gumgum.com/ Name: cs
Value: true
.uscho.com/ Name: _gid
Value: GA1.2.1959391491.1700174295
.uscho.com/ Name: _gat_gtag_UA_541124_2
Value: 1
.rubiconproject.com/ Name: khaos
Value: LP1RVLKC-3-DPED
.rubiconproject.com/ Name: audit
Value: 1|yQuirGeEF6BtpbUiwCstUS+IXqvPVzt4X6LBWwGzep2k2NKlEueGiCap8T9rs0cKOZl/hmt31kv6UQR17uMz0fPzJ6cr+j5/otPNd4RwIY/EyVNLdBbxACKPLRELhl3x0A+VO7RH1E0=
.quantserve.com/ Name: mc
Value: 655699d6-a2f25-19c96-2f35e
.adnxs.com/ Name: icu
Value: ChgI5sRbEAoYASABKAEw1rPaqgY4AUABSAEQ1rPaqgYYAA..
.adnxs.com/ Name: uuid2
Value: 8414711145187518219
.uscho.com/ Name: __qca
Value: P0-920427330-1700174294495
.go.sonobi.com/ Name: __uis
Value: d2b54c99-4484-407e-b8bf-e6eacf22e3e1
.go.sonobi.com/ Name: _usd_wwwproxy.uscho.com
Value: 4b6fd85b-14e4-4125-b8bc-0a38af1a0813
.go.sonobi.com/ Name: HAPLB8G
Value: s85191|ZVaZ2
wwwproxy.uscho.com/ Name: plsVisitorGeo
Value: DE
wwwproxy.uscho.com/ Name: plsVisitorIp
Value: 178.162.209.140
wwwproxy.uscho.com/ Name: plsGeoObj
Value: {"ip":"178.162.209.140","country":"DE","region":"NW","city":"Münster","zip":"48153","location":"51.9302,7.6413"}
.uscho.com/ Name: lotame_domain_check
Value: uscho.com
.criteo.com/ Name: uid
Value: 1921ab83-9dbb-4c4d-b1a3-b4ea90952753
wwwproxy.uscho.com/ Name: plsVisitorCity
Value: Nordrhein-Westfalen
.uscho.com/ Name: connectId
Value: {"ttl":86400000,"lastUsed":1700174295276,"lastSynced":1700174295276}
.openx.net/ Name: i
Value: 5701f550-2187-461c-aaee-57ec004e7dee|1700174295
.doubleclick.net/ Name: DSID
Value: NO_DATA
.doubleclick.net/ Name: IDE
Value: AHWqTUlHGTmomorBZbT8adLsNDIl6qwC7TXhjj7E05a62wpbGGErYNlBdBh2HDtY718
.casalemedia.com/ Name: CMID
Value: ZVaZ1wuGuA8t6El6il2hVgAA
.casalemedia.com/ Name: CMPS
Value: 3397
.casalemedia.com/ Name: CMPRO
Value: 3397
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2GVUv6N)H!]tbPl1M>e)ZlrFUfJ+tGXxo3[RkR<I1$-eb:rW3:CSJCcWD!aQ<<k2`tXg-3If)y3KL9D3I?+DuH-[/
.doubleclick.net/ Name: APC
Value: AfxxVi4uB_SFoAnQf0w-EfWasEV-QQz-yaxUv5cDa8PPC9YoYvVwIA
.uscho.com/ Name: __gads
Value: ID=f28607f7dc8becff:T=1700174295:RT=1700174295:S=ALNI_MaotbsmqOrcC9XCEpaSQ5m-KTJedg
.uscho.com/ Name: __gpi
Value: UID=00000cca274fe26b:T=1700174295:RT=1700174295:S=ALNI_MYF9xToNVLZY6o4xPF17QDLSzRSVQ
.doubleclick.net/ Name: ar_debug
Value: 1
.googleadservices.com/ Name: ar_debug
Value: 1
.redintelligence.net/ Name: 8lcfmzhxc8d6_uid
Value: b4c302d4055f409b
.awin1.com/ Name: awpv11601
Value: 113440|1700174297|d5d45330-84d0-11ee-98d5-22653d8c0e4c
pb.media01.eu/ Name: DTU
Value: 4B48CE637A6C1A8AC443C1F67B459149
.retailads.net/ Name: ppb2172
Value: 3310263989
.awin1.com/ Name: awpv20646
Value: 296283|1700174297|d5e60670-84d0-11ee-819e-22341370d01f
.awin1.com/ Name: AWSESS
Value: 409071:2840007
www.media01.eu/ Name: DTU
Value: 888969057DFF8C039B3ED058913D1985
.futalis.de/ Name: raSIDb
Value: 3310263989
.uscho.com/ Name: _ga_K9F26MDDX7
Value: GS1.1.1700174294.1.0.1700174297.57.0.0
.office-partner.de/ Name: source
Value: {"webgains_webgains":{"timestamp":1700174297620,"clickCookie":false}}
wwwproxy.uscho.com/ Name: _lr_retry_request
Value: true
wwwproxy.uscho.com/ Name: _lr_env_src_ats
Value: false
wwwproxy.uscho.com/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222023-11-16T22%3A38%3A18%22%7D
.csync.loopme.me/ Name: viewer_token
Value: 88248b4b-b127-4075-8c3b-efbeb859fe1e
.ingage.tech/ Name: instUid
Value: cb047f61-843e-4b73-95f4-cdfc29323fad
.w55c.net/ Name: wfivefivec
Value: GR4C4Mgi1R3L065
.w55c.net/ Name: matchcasale
Value: 5
.yahoo.com/ Name: A3
Value: d=AQABBNqZVmUCEJvAl_NyDXLU6VxaGKKyQLwFEgEBAQHrV2VgZQAAAAAA_eMAAA&S=AQAAAkvXh69tFeCEl-q_MvyYQZQ
.ads.stickyadstv.com/ Name: UID
Value: f33cd1bd978b0e16775657dd69e4c
.ads.stickyadstv.com/ Name: uid-bp-34673
Value: ZVaZ1wuGuA8t6El6il2hVgAADUUAAAAB
.aralego.com/ Name: gdpr
Value: 1
.aralego.com/ Name: sspid
Value: c105a6b8-746a-305f-867f-896f4fe0febb
.mediago.io/ Name: __mguid_
Value: 1b7de7e8c1bfc6592bbow200lp1rvom9
.amazon-adsystem.com/ Name: ad-id
Value: AyFvj3sgrkX1staogn55vfI
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-ab23d59e-638f-5f23-5fa0-7ce1fc2695e7.H%2BR%2BTHBCZ8MRdT9RidAmW2%2F5PBhBeHF7nVksNZomNHw
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-ab23d59e-638f-5f23-5fa0-7ce1fc2695e7.H%2BR%2BTHBCZ8MRdT9RidAmW2%2F5PBhBeHF7nVksNZomNHw
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AqyPVnmOPXyNfoHzh_CaV57Ki0Yw.4iIoynghlU7M7IW%2BWbEz05fYFwSyDyfZUWZfL9i8ORQ
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AqyPVnmOPXyNfoHzh_CaV57Ki0Yw.4iIoynghlU7M7IW%2BWbEz05fYFwSyDyfZUWZfL9i8ORQ
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKILIse0JEqzrMoaYgmz6kTwZkG2Whlk_elVfD5dXyOQDlEHwYBCDas9qqBjABOgRyABfNQgT-SowI.P1X2ak3mIrPocEQ60NAJJRpggZBJRXnbwSO4QfnCXB8
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKILIse0JEqzrMoaYgmz6kTwZkG2Whlk_elVfD5dXyOQDlEHwYBCDas9qqBjABOgRyABfNQgT-SowI.P1X2ak3mIrPocEQ60NAJJRpggZBJRXnbwSO4QfnCXB8
.liadm.com/ Name: lidid
Value: c36aaa89-212e-48f4-a2bc-d30a37aec7f8
.uscho.com/ Name: cto_bundle
Value: n4XdnV9hJTJGbzJta3hXODE3WHN3JTJCUmFQTFN4QTR5Yk9EaSUyQlg0VUlnZHBCRTNMdlNtN3o0bEw5TFdSVEtTeHg0SkdZeE4lMkJxbnc1dk81VSUyQnJ2UHVCc2kwVWZUeiUyRnB2SXBkY0FXbjBaeFFVcjQ1V280TkVjWjVOcmh1b1hyc0hSeGYlMkZKRm4yQ1Bjc21BRldjbGJmcTlxSDg1T3d2ZyUzRCUzRA
.uscho.com/ Name: _ga
Value: GA1.2.2044206632.1700174295
.uscho.com/ Name: _gat_Insticator_Embed_v4
Value: 1

5 Console Messages

Source Level URL
Text
network error URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEHFiNkHd4i6JIbZSLONTB3g&google_cver=1
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other warning URL: https://www.googletagservices.com/dcm/impl_v99.js(Line 92)
Message:
Unrecognized feature: 'attribution-reporting'.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=88
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://ex.ingage.tech/v1/sync/amx/cb047f61-843e-4b73-95f4-cdfc29323fad?uid=&gdpr=0
Message:
Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5cfbe280f24f2f0ebed8f159bfb5b301.safeframe.googlesyndication.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.pubmatic.com
ads.stickyadstv.com
adv.office-partner.de
analytics.webgains.io
ap.lijit.com
apex.go.sonobi.com
api.btloader.com
api.rlcdn.com
api.webgains.io
auth.instiengage.com
b1sync.zemanta.com
bcp.crwdcntrl.net
bidder.criteo.com
btloader.com
cdn-ima.33across.com
cdn.confiant-integrations.net
cdn.id5-sync.com
cdn.indexww.com
cdn.jsdelivr.net
cdn.lamp.avct.cloud
cdn.prod.uidapi.com
cdn.retailads.net
cdn.track.production.webgains.team
cdnjs.cloudflare.com
clients1.google.com
cm.g.doubleclick.net
cms.instiengage.com
connectid.analytics.yahoo.com
cse.google.com
csi.gstatic.com
csync.loopme.me
d.adroll.com
d3lcz8vpax4lo2.cloudfront.net
dis.criteo.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eus.rubiconproject.com
event.insticator.com
ex.ingage.tech
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
fw.adsafeprotected.com
g2.gumgum.com
geoip.insticator.com
geoip.instiengage.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900019.redintelligence.net
hal90003.redintelligence.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
image6.pubmatic.com
insticator-d.openx.net
invstatic101.creativecdn.com
js-sec.indexww.com
json-b.uscho.com
lb.eu-1-id5-sync.com
match.adsrvr.org
match.sharethrough.com
measure.lamp.avct.cloud
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
pb.media01.eu
pixel.quantserve.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.a-mo.net
product.instiengage.com
protected-by.clarium.io
pv.medialead.de
region1.analytics.google.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.criteo.net
static.instiengage.com
stats.g.doubleclick.net
sync.aralego.com
sync.search.spotxchange.com
sync.srv.stackadapt.com
sync.teads.tv
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
trace.mediago.io
track.webgains.com
u.openx.net
ups.analytics.yahoo.com
us-u.openx.net
web.hb.ad.cpe.dotomi.com
www.awin1.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.media01.eu
www.uscho.com
wwwproxy.uscho.com
x.bidswitch.net
sync.search.spotxchange.com
104.122.39.115
104.18.36.155
104.248.50.245
13.224.103.16
13.224.103.40
13.224.103.78
130.211.23.194
138.201.63.117
138.201.64.38
141.95.98.65
142.250.185.162
142.250.185.226
142.250.186.70
142.250.186.98
145.239.193.130
145.40.97.67
151.101.65.108
162.19.138.119
162.210.196.208
167.172.136.17
172.64.149.180
172.64.151.101
172.64.152.89
178.250.1.9
18.132.19.32
18.132.222.111
18.165.183.76
18.197.187.29
18.200.168.98
184.30.16.195
185.64.189.112
185.86.139.57
198.47.127.19
2.16.97.41
2001:4860:4802:32::3
2001:4860:4802:34::36
216.52.2.30
23.56.205.163
2600:1f13:800:7782:12de:a7c6:4ccd:970d
2600:1f18:ed:550a:f0c6:ec14:4b0d:2411
2600:9000:2090:c400:10:dd8:5e40:93a1
2600:9000:211e:ea00:17:5bae:c7c0:93a1
2600:9000:2190:e800:8:48e:53c0:93a1
2600:9000:2250:e00:a:e047:753:a221
2600:9000:25a2:1800:9:78a:e540:93a1
2600:9000:25a2:4a00:6:44e3:f8c0:93a1
2600:9000:25a2:8200:1c:386f:ec80:21
2602:803:c003:200::45
2606:4700:10::6816:3456
2606:4700:10::6816:4ad8
2606:4700:10::6816:53d
2606:4700:20::681a:346
2606:4700:3037::ac43:8d14
2606:4700:4400::6812:2b5a
2606:4700::6810:5714
2606:4700::6811:180e
2607:ae80:192:1::173
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:800::2002
2a00:1450:4001:812::2006
2a00:1450:4001:812::200e
2a00:1450:4001:813::2003
2a00:1450:4001:828::2002
2a00:1450:4001:828::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2004
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::200e
2a00:1450:400c:c0a::9a
2a01:4f8:d0a:2321::2
2a02:2638:3::3
2a02:2638:3::7
2a02:2638:3::c
2a02:fa8:8806:12::1460
2a05:d018:cc3:fe04:ef70:7dcd:5ce0:30c1
2a05:d018:d29:3601:bc0f:4713:12cd:b626
2a0b:4d07:101::1
3.125.12.15
3.208.172.61
3.225.103.95
3.71.149.231
34.102.146.192
34.120.133.55
34.120.135.53
34.149.20.76
34.254.15.230
34.96.70.87
35.208.249.213
35.214.184.129
35.244.159.8
35.71.131.137
37.252.171.21
44.215.169.187
49.12.16.151
50.31.142.223
52.17.171.231
52.46.155.104
52.58.37.65
54.155.77.146
54.165.115.205
54.194.65.19
54.225.205.186
54.87.131.239
67.202.105.21
69.166.1.32
69.173.144.139
78.46.90.238
85.10.231.200
88.198.250.30
95.101.202.12
01ceac3cb0b0c8905f0b522e43ad391744e0daa2aa5594158b59b6c468da1472
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
035431e60f3d094003b784db49de6e3d57c099df37a1e4b7bea8c7dbfba44fa2
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
0a17ba6a86af3ed68048863bbdff8366a4c00b37e3811d42351255a58eae8ac1
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0be0aca44bad073453d3f107123dc563fa9f6d92889d2ef3b2b2d27a6a643457
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0c85f03ee7ffd8a409d628d4b368b63454b8f70fd43c2747f88f41df5dbc23f3
0cae8f6632d5aa082e7b7ef0cc7a82ed2840fa700e6ee3f322006160652a6a21
10c53fec666f188d628fea7bfdd6b30cb24b9a55ac0c9ef3dcf15f562b2fd9a6
13ea63c90cacf953e3eba54a5083eeae0a4ee8e1b67fedbd594e7f3128eaaa1f
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
151c4c52c25dd28c33321aaaeabe879c4814087d4eaf7545d93f5d81d4d1c4f3
15fda53fec50af3afccaabeddfb604989393a704cbe5f0004bf0822f51b5288b
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
16f6a89c89e20586fdb7ed77f218f6af5442e80c8c3116deb2ab0cdd5aae2001
17810a53b5ffc8157c46a6192533bf2e567a31e23b31c4bac42d214787e488f7
17cdc475987f8af44a66cef3d1539fbbb7c0790969230ce34266a2c25b8733f0
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
1d12c1a3dfa6b5a6dcda054067f4f756586710deb639f092babdbfeb2deeb721
1deed95852a49e7f7b4527125ff12e8ce75568fd6e1d91befca131bd595fd5ea
1e5f4bcf429cf7d0ef5957d1fa0eccdd5813cba6a1bf40f8ee42af5380d2a7ec
1f878b274a38de5001f17126a165d8e990267d5d28b1e8dc3661f1728eb54256
1ff39cab0ad3ca8bc174726bcf9c7ef2e1de32ce43d0f786dcc94062a747e3c0
20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a
2202d272a7623a0f20d055bae57feefb858a3352833ea36fcc438a895857d307
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
23fea0a987694a487d5e053345c610b6c2b0cee5943e6c54dffa8c4d3b8c2a27
2415fa6d35fe527adf53436bb939f47fb01d5b23105394e3f331d0de5702bfff
249fa1b84f753e84df5068ec2ad21ffe5b018bac7bfe38b24a9e2207f4cc8a7b
24d130ce4e5cddbd4d545aa58d8e49f1323ef6d0f30e5ac66b49f765be7cf4a2
25679e64b105c0acb0da7fe3cf9f7988027e9511a28c536f5ea322ac08e642dc
274b42bafcda176dc29defdd920da76c7e7828a8c90309704b83bea9acf457f3
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
29f3cd06447439f312a50a668b6436db3104824dec35b2d15ce30ee05056c6e0
2a900384426ebfde7fc7458431efef8dde0a35fa1177509b0808bc6f47254a6e
2b716e294ecf50ef28e9b3cc29c923858e1fc76cdae74715f18e788be584a564
2c4cc72d9db45aba624ba26e1cd0cb1c031fddc042884e71182a985a5b061c7f
2c77478156f15ac11098078acdfece91f6f64c832dc28a5b9bb96df485e64337
2def11179e29dc85ebb722bfd4a6c962701ad38ae298dcb5650c36c98df3266c
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2fb654676deeb5fb4fcf63837bb61856610ee36b07cd5c67b843a38af9fdb948
30dba6cd33988bd024a1df2348e5054e0bc89723d4997b8124594c06a3056f92
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
323e5af8a33b9e65da9de11179875c91d6f4db5cfc79e2e444d8a7d98b353400
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32dcb7b5d0e79583353a56225e4d8097e004103102d584e245d1b96547f9948d
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
33d7e7765a50718507efc39c9d145dc29ef473beb2a282a9fef310af69ddbfe9
34a26332340371e7b012780d8786e4efd93f3b24c70db3a284ce3e2d9ca46be9
37727880f7138cb2008cbebe912218cdf04ebde2d32b2ead6414f4973c168f4e
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3b29eac9127bcd1305d4c5528798e05546a55f55a13d21eaabbef0fc98938094
3bb3ae36789a86307f11a87006a35f4e9f069c57924141ae4e48c773ad097536
3bb5a755d2cead52daddbed76beabfe990961f0ff5397eda5b27989a5d7d4deb
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d6aa4a81b663c869b6e9c3ade8ee99bd6d18de18843ac75ae4670819b8d56d9
3df5746a25ab4dc32517df57deca8ecc5c425a2abd15c6d6f5fc817472e4d632
3f973d52c2e5dd999a84bc6b9a0e82aed56c24a0b3c34819de4badba69e6ca88
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40f56cf19caa8b74afc841450fa828596a35c4733a6e2a7a6261f3e8f2388332
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4aba982b324e91067e71f3e244196e486eb54b07bcb552eca140762a722c9929
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e8a9f91efa071fef1ae36b2178873b6c92e16a7d4a1087468e85609c2e68d85
4f4206ab2f0fb5c89167649b6980f3a4b6c90a30c448d42dcb90960e2c44005c
4f859c54c2abc8c5257845d36ebb1152e3eb5c555b9b78420cca3a626ecabc9d
50f0a9707b62fd19050b9d2029c3d33ca34e506bf476ad1a877018ad1b159e2f
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
5669ca033ab68625c0cae6bcf1abb2722c02ea43a0d65323b2f7b023c7afa35e
5760268e960a24f33df8d74d270189856f6e2248eff4030f06fe98ef20d25fe4
581e9b691f11ca7c7b803f9bdd70bb110d982213c025de8cc47d8556388ef6f2
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
5cd5fc5eaddb10da9e350910d3efa01173e0d5dd2f138834dfb3b835e3de68c4
5d048d1ba1fb1f78e38c3e0cc432db86fb8138d98d4b61242b1b7951f62208b1
5e10801387114a129e9f06d6eedf6def06e1508ff4f53362043dd47a66bd7968
5fa27a71e7530663c8bfb835f67d72d7485a5582a82be83004871a661995e833
5fc9bf0931aff1665e74a8a55a21624d002ad118bb72a5b6800d7aa2936982e3
60565371ffa5001aa2a7abc01dc52bdf23754b9299a15968eebeb317dd9412e7
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
61487d110e8cf774265c3ea19a8e7936548afe1ddcef7a2cc5793f20626644d3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61f8cc4a9f44ce199de46c6bc9a1ba02ffdacd23a7ae71d800e5364d057ab06c
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
62cf47440cbf69b9d0a37c238c923e6544394913a5e5e615d017b1537aa06ec2
630449d41b41ba38bf6ded286f77e3b04ae2a8dfce0cef7b55a9c00003c2a44b
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
65f0d85fb357558ec6e4170bcd3eee312c0fcc93aece6866688017d41e37cb23
66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
695ce10188e5306fcbf679b7cc125b6eac681d124a85a5908bbd8d0079a47e9a
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
6a7cd882bb8944b4b5e40dafbde5f91d051dc6fdf5d924f2ef1c71affa91f790
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3
71be5e913f629afefe0b56e22e3484c81386d0f14e9e338ad6b5e779d81f16bb
7231f5d6814a8eb17b1590e4a49895dd69583f31ada43dd63838f868d061af25
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
739ed8eaf1fcba373c8e2f54b4edc987484b3cf2106ac4871050ab12e1d7138e
75065914a896ca9bfa4af76d086699d6f5b994d28285d2e9b2b8cc6889a4747a
75b11328827bb635b369ee1f4c8e9dad82b7b609d5bfc736d8ce1994a6f4c03b
779249965fcc56df5ccc2c89293a582fbea63f785bc4041c878106b01b725dcb
77bc02a349f7d5d971084f507c88ad14423b43b4eac522e2eca4ab2734be43e4
77d5d50cdf09b1b8973935a132959dee7fb25e7d08c6daceef541979e030f7d3
77daa4388c965a3e23b5a6c800727d8025ab108f89cf5679e79136986d5b4561
793bdfab72ad84a40b06db22176e14c6654329c1accc292a36c06228afd662c6
7a14d925b35bb3035cc21f39d7f34f8d83e5b1b2ad0bdc965d9d5e2ff7922fae
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7b5a341a6a735758668fd143aa206c128530868e441910cbdcfcbd4cd751902e
7d6fa469121a0362e33a5e0ddf964197b101adcbfa65bc22d0fe6dced8d68172
7fcbb849ee8ed3f4a06797012779e04511bd86ce7f68e6e6e55a315bd121e693
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d
86597384cc5015799346280854ac0cbcd10b66ff0878706ca7410028001cf5c4
871e81a4aeb7aa22946eaa1edba78a5732e0ddb3729c5c463690e342ca7b5ce4
8983e435cd0dae3571093ffcbeaba1841b534d10a266f8351b6fed6044dcb452
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a656aa70be9cce33592b105a90fbf22bf5667a2e8000cb081d9d9cc36d1cf27
8d664e01881d90325f0d0f03bc0a2b3745d130fd309c172119a965d66324976a
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e2db3fad893c3c40244025d6bde1274f32540c68c94488facc3f40c7bae5659
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
8fe2117aa4c725f0e3b1a96f6172f46814b450fd315db1d0d2617339e57f025e
8fe95955a57b68b2ca6b5fc3f50ebca2eceab8f4dfec8164a04c2c27eb60236b
902f47bc9eeb026da8cbcef8c7ec51aaa1f73bf7ca587c8694cceb36ff91a92e
910079f377a7272f5d84d5ff023684003801a9aaa413f55892b0fb5f3bdb2bda
9122d35ca0b1532a344f0801f9004b862de73fe3ec70d6eb04a345cc02e8e2a3
92fdcadbf224bfe461644696c1eeaceb184b9906bfbe08a47a388680939df0e9
94997e329fab026a9f713cd475f5695008f8558220b1a813102bb736feef1bcd
970be70829bb6f5d9ef701170b2c75b03c08c8840240f4fd59216a367e08c9e3
9984cb6b0be2a839539669a0a04a44e515408d658b171b39177397cc061ed845
9a73d94c271536a26d00014dc06993cc5d6f9f64f1609e53b2d931a03c3beead
9c214017962f2b403ee2f8a0dd51333b467aa3f082c5fc93fdb86f0b3d90a19b
9d98b000d5293c69799dab34945896eabb8f649e753ada76af1de481ea037ead
9e17c64c951a99f128152c679eb2317fe523bc0f27f9c5386f3325e6f2933cd1
9f13082adbde42d586e885d84bd45545dde96c0098b678bbb4ed8a961511edef
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0bd5478392a74f3bfd936ca404370cd3e79a9a884af8fe4c5e1bcdd3e36fbc8
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9
a2a1f4c505ef43bce210d50eccf855747b1ed7a66f3dd5849ef7170c1f3a7657
a2bb12e88266c40aa8e4b1b0cd7204b23f0bbd8e8b4eabb96806116b590949cb
a3e5c486ca9cab98b690f2f3fcc83c73141a667293c8a8236bb1e376313f0e36
a51d8c00841ca528cb83b450f1e79f76481917e0c52e4af3cf4e21707a3c82a0
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
a56ff3331dd91c0016db1310c80cb86269f27aa8590ae4d7c1afe1d610eb7fb9
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ab9525531212106d7044eef898676595880d0a08d6f9e9537e8c21e8f21219f4
abdeff3f6b80e43233abe7678ac77ae09b4e04abbc10ad9cae8f472b8c12d151
ae9a3e4b6126d41fef61d81df21fe17e5e053bd5bcd52187e43bd67bee0fe214
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af4cb1079334e25d083285e5220cd7845056a6c8f69f3739dc86519a06ae4da4
b0419faf03242236e04c1c062d52b7f011bf5f0222342fc4006f51cec7dd6ba0
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66
b08f8aa498f27454ebb4fc74574ae6d76712ca0d1575dd7ff86683221f679d56
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f275e8c57349ed7e21f7ab7176799e90229135ed5133614811ef887adda03d
b6fbaa05c45d558628365fb49a71e5521d8883747f8778a370be7540faa19e6c
b789904f1040c2ffaa49c39466ca30151485a1755e8af916d5c08fff599a4d61
b8049b940f02850ebdea3e3c0bfeb7a62491111121894e6394cae14bed2a9264
b815630bf19d827a051c35d8619caf761d0af5df6452ffb8881b353061c79e28
b8ae744a57b39fe4ced7328838882eb465d5452d03a7b424dfd9eea9d3849c1f
ba33741f1b945cfb71d6fe3fb60628af0cb4cce7f464f84c43f5d6457b284272
ba9e143db781b645a27217f7205e9b2e51ba525c0458ad50e3868d695cc27fa3
baff14b391855fc2950612033035a23c5da5d92b90821e785216041a5912e96b
bb4f8df5602b561c6a5247851f27cebac4099886c0f337e67e5ea9fa0f9caac8
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bf7ebd4fad51be7d4fee8cfa34c08ef3f62d3cfa386ecce4e85a0c1ce6cb32c0
bf9c4c020ac4280f500779c26abe069e693f9047edef968d7cb27b2aacb0bb4e
c1c38c9c0ad13cfe2d9e7eafb46ae69f40fa031efce5570266087babf59a7660
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c2d040825ca177c72048dfbc2a69b92907313e50a8126e04ab9e820edadad11d
c37757fcea357c2078afb149e652876779c1f620f4d9fa7afd424f5362643500
c41b696bdffa7defcd2a2c1e57a70a56246ee493f7e527898c701cd5dd462362
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c50572db509871d30d06ce413fdb34e7321976c553b245e977c31ac34922535d
c509aad73831b134cf895163606a337481b3a2bfd483e5331d8e092eb4055c6c
c6b461e28398566c5400381c27546e3c6d5e6ea790d53afa6ac2c64148772ac9
c744a42ecfaf5faa40dc9af8b27a5638ee4cf42ac9261037eac09d8732284b61
c7ed7ef9182dc5206d1b7a8038bcfe2b57fc1be96d78b75152e9b713ca4ef2d6
c7f6468c8ac1542980b2d5f637fa933d7d00d2c6ff6690e34505d2aed0c0e23a
c83f22c2085b971c3d5379e1529193596815c7340ec6bff25cfe1fd38842adb6
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9b7e8f1830ab22613067e00ff38203ec5258997ba1215c18a29e5b0365e3543
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cc4c5c8e3d1bf32ad091e720ce9f7c22111ec003e84e6a4570b386b0fb0b210a
cc89945923d38b792886a72514949dc38cccd49e7f246890a2bd3c2b0e643328
cd9818ab6cef998db6194180ff87119e5f076d616a03e51634aa52fa2f1c4a98
cee45c6177a57358621d1a5875e1394d4a89de5b9853e73c8f9d16f9b0a9b590
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf940bd2489897434455528323cf66c4e3aecd5eea963f1d99d96acd452d6dd4
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d1930e88e4a3ba8445fe8e4afd7d665be2069980871c0f3b85d1dc646684448c
d1d05642e23866a6d7fb1b165615355e7c01fffaf89c61e9c14c0beecb96ae23
d27525ced2953694930f0edf972564818531c00fe5b2bf8a6118bcdb5a25a975
d288569d31c44c2b5bf3971e7c4acab9d27401efb7212afa97b10e3e3ccbffab
d3e01853afa2f8a06e0aaf4352b56064214e570b582e12994774bdefe9c1fbc6
d3fac33385fe22ffb654f46efadb3ab0b4f2f9221a3557660b0fad4bd582c542
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
d4e3449399ddf68ccf34b773362858d95b9ac768b828ff697f6573b5869a9a40
d603428d6465c58f7bdc43fe19c9693fff09fa3b5ac5a7734d5dd049aeb3de28
d620d85b3f182803e1ff644f05aa85514032731b60f75851b03f3500aac2c2e7
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d7e664184b2eeb05112f250badaca2cd8c7b602958c2fe8ec4ca07338d763bbc
d7f8be99aee46445efcc7c49145388deca59f0dfd183ed4b3892ca111c2b401a
d921015568f0a3b71ce30f6efad2fe3cfcdeaa9c17a683946e13d0924748da94
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
da18849e09ca7517671f0244bad6aff6299f6c320ea5b37213e76963ffeddf0e
dbf7eb98f997a8df116c6515ce77a2e76be2dafbdbc62cd7feade398544ac0a8
dc001916f69a33b4599ef0d5c417ab64605883e41f6fca731bbfbb0e0697ea12
dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b
dcb07f18cc22ff5d5d8e4850ac3d93b32dc933e747fb6c865a87ed757da128f9
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dd301bcdf64b041ce0504b3a844ec9841e1bb2490df26423ec95f8ac926b549c
de1311b8cf026f7c26192341de425a3d7a334362d186c3c27c0bd9937f6fb9fc
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e082e6b7c3dadd692d57462fe0c10ac1007282fbfe4317c06f1136e836694ebc
e0ad4af37844408ede5805a1ee5dc2c5e936f5ce2a96431ddf51e9d0475a3f0c
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4aa596e33871bdb3e7cbea283df24410b997228ff5ee3b4f19af8bdfad8f251
e6f44640021413129ba6c881b570b02a209f008c2261a81889158a8bab259ec9
e7384ba0bf8a340e4da6b1a041c68612b2d52cb325714a20f64b1cf05239455e
e7806495d7735fda9d0d9d2db6992711d64ecd8c9f9a7d8cb20527b44bd7c4aa
e7ffdc17f9a380f6376691bc77f18787b35359f2bd140b637a4e530bf5606f0a
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
e8adbd64f6362d073f8cb1b430df715a3fb45e26c7bb3a2e6ffc87a76a8e874c
e8eabe7bc46b4d7aa7fe42977cb711ab291068a6cf39b2104ae85ad3784eb7ca
e8faca56615dce5f74aee84dd71dcc41068eeceeb5cc34692a7c202c9218d2e0
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda
ea34fd96fd354f9d8218bb5243380a109a25d99efa8ef0caf8ca1a8db2f0e711
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ebe97061681cef9cab75ce4e70092ceee2628c887415f6921fc8f7a9174e1d6b
ec13d6ada1280c8f59b420f94a57f26725f26422667197ff7acf159e7f04e832
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6dcd95c9fbfdb77c4e8532f768c9b5dffba55e028748d3e9176602223ab126
f470d391494b15a7bdc6e52316c4fe6c86b23e8094376ef517f4aace42a86380
f4f5bc9d6560f0070591a6c76ad815195a2a2530aea7b99c4debe126a0042de4
f54afe71a5f43868a0077fbd51912f35f843fa889c0b22f2a398e553bd527518
f56c7216a36dd7d5f47a38fe3a80e9e8152d8a8a97e73d876ac116b152e11f78
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e
f6ae1c6b848303e5e839e14330b76fd5162968a269fa900a8909992eb58af9f9
f6cfe89b284e6a2100a86b8d6b0e52b76b85cc62622a40d63e929f328d883a6a
f745c6f5fa5259ec3c8d56fd08f1c892dff209e6cff2345436d33535e1da8954
f7766f29ea6cb27d8c27e22c108f8e8b7c71c252b9c9205a60ba6cf294f9c8c7
f9869e71eda7907cae8778852d86f276849e4916dbfb9d445e065e79ec612532
f9e21fe0f386e1eb0f9113df90ab2ccbbcf9a2ec39e26130d32fd0b3a5a31ba5
fae2dc10eaa5b7644e8f58c84f7fa0641b6a12b0bea27684105675f6bc45895e
fcba0c33396ad77b36c7a57eb782498359b76c2d60200cafb1b37b8fc206e518
fd38cc4f5a1af807a9d255a14d926721a64f42f65c61942d20fdc5902fdda86f
fd6261240ed0f12a5cc73e1a74452182697f4b09560cdfbb3b2f17e0659a2f7f
fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f
fe2c332a9c0f3365c409187c3ada915ae20d99841cd054f20f59c1649c8ca01d
fec1d82b204775d2e2ff9fae80da6c932e9a5dbf9fea4e4e9bdfdf48e5dc2eeb
ff02c72033cfa80f94ec235be8379e3c0a6b3f535448a219fd3f7a164e6c593e
ff17df18c29c83710f08d1add651f127d74dfde3250fc9e83afb69b40047465b