www.theatreinchicago.com Open in urlscan Pro
74.208.236.154 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://thtr-chi.com/
Effective URL:
https://www.theatreinchicago.com/
Submission: On April 15 via api (April 15th 2023, 8:16:32 pm UTC) from US — Scanned from DE

Summary HTTP 244 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 37 IPs in 8 countries across 32 domains to perform 244 HTTP transactions. The main IP is 74.208.236.154, located in Norwalk, United States and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is www.theatreinchicago.com.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on January 29th 2023. Valid for: a year.

This is the only time www.theatreinchicago.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	2606:4700:303... 2606:4700:3036::6815:31fa	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	74.208.236.154 74.208.236.154	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
19	2400:52e0:1e0... 2400:52e0:1e00::1078:1	200325 (BUNNYCDN) (BUNNYCDN)
2	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
2	104.17.148.185 104.17.148.185	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1 6	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1 11	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	65.9.95.33 65.9.95.33	16509 (AMAZON-02) (AMAZON-02)
25	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
34	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
34	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1 2	54.72.1.207 54.72.1.207	16509 (AMAZON-02) (AMAZON-02)
7 19	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
4 8	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 5	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
1	108.177.15.156 108.177.15.156	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223f:8c00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2600:1f18:1ac... 2600:1f18:1aca:4281:ea73:294d:a09b:a42	14618 (AMAZON-AES) (AMAZON-AES)
22	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:5ed4:8d5d:fed7:f5ef	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
1 1	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	98.98.134.243 98.98.134.243	21859 (ZEN-ECN) (ZEN-ECN)
1 1	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
1 2	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
4	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	85.14.248.91 85.14.248.91	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
244	37

2 2606:4700:3036::6815:31fa (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

thtr-chi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 74.208.236.154 (Norwalk, United States)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: 74-208-236-154.elastic-ssl.ui-r.com

www.theatreinchicago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2400:52e0:1e00::1078:1 (Germany)

ASN200325 (BUNNYCDN, SI)

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.148.185 (None, )

ASN13335 (CLOUDFLARENET, US)

static.getclicky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
in.getclicky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-33.prg50.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.72.1.207 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-1-207.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.186.66 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.171.21 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.177.15.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wr-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:8c00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1f18:1aca:4281:ea73:294d:a09b:a42 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.62.186 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.243 (United States)

ASN21859 (ZEN-ECN, US)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.254 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.217.42 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.91 (Kamp-Lintfort, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
71	googlesyndication.com 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 138 pagead2.googlesyndication.com — Cisco Umbrella Rank: 105	769 KB
54	doubleclick.net 8 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 cm.g.doubleclick.net — Cisco Umbrella Rank: 220 bid.g.doubleclick.net — Cisco Umbrella Rank: 734 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 333	343 KB
26	theatreinchicago.com www.theatreinchicago.com	631 KB
22	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 294	510 KB
20	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 4983 api.omappapi.com — Cisco Umbrella Rank: 5203	94 KB
12	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 73	2 KB
10	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 192	464 KB
9	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 775 static.adsafeprotected.com — Cisco Umbrella Rank: 608 dt.adsafeprotected.com — Cisco Umbrella Rank: 541	104 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 553 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 458	6 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 227	5 KB
4	gstatic.com fonts.gstatic.com	57 KB
3	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 421 region1.google-analytics.com — Cisco Umbrella Rank: 2400	18 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 758	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 779 s.tribalfusion.com — Cisco Umbrella Rank: 1904	1 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1255	460 B
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 627	937 B
2	google.de www.google.de — Cisco Umbrella Rank: 6074 adservice.google.de — Cisco Umbrella Rank: 9047	986 B
2	getclicky.com static.getclicky.com — Cisco Umbrella Rank: 10886 in.getclicky.com — Cisco Umbrella Rank: 9270	6 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 39	2 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 182	19 KB
2	thtr-chi.com 2 redirects thtr-chi.com	1 KB
1	openx.net rtb.openx.net — Cisco Umbrella Rank: 1326	350 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 6107	591 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 496	919 B
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 11518	1 KB
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 778	339 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 635	191 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 773	715 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2677	104 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 685	464 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	82 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 818	20 KB
244	32

	Domain	Requested by
34	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com pagead2.googlesyndication.com www.googletagservices.com fw.adsafeprotected.com googleads.g.doubleclick.net s0.2mdn.net
34	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net
26	www.theatreinchicago.com	www.theatreinchicago.com
25	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.theatreinchicago.com
22	s0.2mdn.net	www.theatreinchicago.com s0.2mdn.net
19	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
19	a.omappapi.com	www.theatreinchicago.com a.omappapi.com
11	www.google.com	1 redirects securepubads.g.doubleclick.net tpc.googlesyndication.com 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
10	www.googletagservices.com	www.theatreinchicago.com securepubads.g.doubleclick.net 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	dt.adsafeprotected.com	3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	googleads.g.doubleclick.net	1 redirects 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com pagead2.googlesyndication.com
4	googleads4.g.doubleclick.net	www.theatreinchicago.com
4	fonts.gstatic.com	fonts.googleapis.com
3	3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	image6.pubmatic.com	2 redirects
2	sync.teads.tv	1 redirects 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
2	sync-tm.everesttech.net	2 redirects
2	fw.adsafeprotected.com	1 redirects 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
2	ssl.google-analytics.com	www.theatreinchicago.com
2	fonts.googleapis.com	www.theatreinchicago.com a.omappapi.com
2	www.googleadservices.com	www.theatreinchicago.com www.googleadservices.com
2	thtr-chi.com	2 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	rtb.openx.net	3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
1	ads.travelaudience.com	1 redirects
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	sync.mathtag.com	1 redirects
1	m.exactag.com	3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
1	onetag-sys.com	1 redirects
1	pixel-sync.sitescout.com	3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	dclk-match.dotomi.com	3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
1	cms.quantserve.com	3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
1	static.adsafeprotected.com	3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
1	bid.g.doubleclick.net	3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	in.getclicky.com	static.getclicky.com
1	region1.google-analytics.com	www.googletagmanager.com
1	api.omappapi.com	a.omappapi.com
1	www.google.de	www.theatreinchicago.com
1	static.getclicky.com	www.theatreinchicago.com
1	www.googletagmanager.com	www.theatreinchicago.com
1	maxcdn.bootstrapcdn.com	www.theatreinchicago.com
244	47

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
twitter.com
app.monstercampaigns.com
www.theatreinla.com
www.theatreindc.com
www.theatreinnewyork.com
www.theatreinboston.com

Subject Issuer	Validity	Valid
*.theatreinchicago.com Encryption Everywhere DV TLS CA - G1	`2023-01-29` - `2024-01-28`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
a.omappapi.com R3	`2023-04-12` - `2023-07-11`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
static.getclicky.com E1	`2023-04-10` - `2023-07-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
api.opmnstr.com Amazon RSA 2048 M01	`2023-03-01` - `2024-02-08`	a year	crt.sh
in.getclicky.com E1	`2023-04-10` - `2023-07-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-03-01` - `2023-05-08`	2 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
*.exactag.com Sectigo ECC Domain Validation Secure Server CA	`2022-08-19` - `2023-09-15`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh

This page contains 24 frames:

Primary Page: https://www.theatreinchicago.com/
Frame ID: 271F799198FEB39CA42DF8F67F6E91AF
Requests: 79 HTTP requests in this frame

Frame: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 0CDEE4212A8AF9E51EE50C3A92BC62C8
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssp506DFTZ3_B8Skyawq5nmuQdXhvtY-2PUA8-sV6oOX7y333YZtKquQRHAMLUvngGyaIfXtHJThWnufSeJocDE3p7du__4J5AkDXia7B1Byq7zhwGrVqfaz1F9dawaJWiqaKgfKm44-jOFd74at2Fftdud4Nz0H1QaLmYXLG9APvnBK2g9DE7ATZfJ4fhSHTeoTDP0UUZhyTerbFjGGHLxGb6u8JnMcc14Z48tnljSoPi5q9Ojg0okZV5SquLhKTGoklKKn5ObnKO9b8u8iVhHMn8dC8XtZ_OilvYXlDMxHWgj4wNK4vDHo9j5vvJTdTyBpi-JFI2LUapYeUZaTC479u24mg&sai=AMfl-YQ0xoBYbcD-s21yxn3xjoqngafUy4rt6B82pUkQrigPCwxTJKuLNtIgmz_UYHJUAFYnfEqFqeClluqsNpXThWi6Ikmn6wsgq9ec3eVVdU2xKADxMyQSkXxGc9E0IQ&sig=Cg0ArKJSzA1BYlAbATCxEAE&uach_m=[UACH]&adurl=
Frame ID: 73083A76EF31F6CCB4BCCF6DEEA72D98
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv9_aM6u0dlXfM44Pq9CTmJY1JCaAgcT74F7wg932wY4dRmwA_rqRDGxi4WqW9dFqcdnv8gF6ixXMewj8bYtJUOPHVXSK77XUgPkYGV-BGjm0BZh4ocQ7QUFtoWGv6O_mfxvwRdYvMUWGPPTTkVwXqn4ecKFpxbEnX1ai25HZ6sd_9GGpQEqocydeDu9k6XCaI-1a1C-G8xJUeN7i83-IAuBe2a-DsyDUtf1OX3q4kw7rSY85CVYym1yHMtxMMYMcFvlIKRgg0u0cOS4QGALPSehB1FGBIyEUEA2pJP4Xzo27bqaACwFJ0CyzhzD_oxMGwlvWxGrFDMEidslTJmp8y3XBoIidEQ6mQBXekssw&sai=AMfl-YQIsyUcw6uJUHlbOI8wK2lrswBrtjP8tZmFVk97QCfEkyVwMV-MEBJwVwvwAvHgHAWQu_LqxYMqMzjgbcDrQmGbYKsnEYTqtd-w1DNHXYK6EtKkNoRHBdzs4f2zzw&sig=Cg0ArKJSzCCqeSeCBg7AEAE&uach_m=[UACH]&adurl=
Frame ID: 462A2E960B19121F9430FD9813E6F049
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuUyJ3f5CxO1TITdKArQGLVkOhNpPi1IgFRbbywq-lT_gFhagw9W8i6RJBpmEJYM3bGLfwr_aOIjKsIxXAo-Jc34wpkKYWeVTs2h7KTaZtkpKdrWuJtpjM_0X8OlbO911nTb3fcoahJ90OAweZZQjxkRNykdJioXvwgLuHKWblYMBvDu5PO135MH31N8u3iRbTRMjUd-0129PiU5nRzeNoI-OOgFHs--NyPITz2FqhnFNUZxd3cdhYuAumqOycZb9svGRm7MyV2gpbnZzSWJzVrB6fJb2HZzCniT14iTyCgMfQnlBdQZPZ479yQS-LsZH89BWLl9vnuRceNxxnySradU_mSmQ&sai=AMfl-YSTfKNUnbuUm-6l19j24C45qS3h1MTmWqH_Nx5v7UfFAgK3Ie9cvA_bcCkwFG9j0cyjbxDkmJHRp3wlrBdB7kTRJdFrpuLqCLklqHtL8a93FUl4VwD-v1a8dpxyCrI&sig=Cg0ArKJSzFcIjuv_TivAEAE&uach_m=[UACH]&adurl=
Frame ID: FB12F2CD0EF2A0C64AB4AC80F399F431
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstfDr4HLIYmRkApP-TDK_mU-wJUSVEZCDnFoVamYcU5BxjbUHDJgG8WFUIpsShwQAJF5oE8yg64C1jcN-a29KJdWaArRa4k__XIk0XIPV4vvIzYqg8T2_pAoLxUtCr3jDsEOy-d4vBTIgmjP5vDWPV0rcu_8YqleN56SoRwyQTFMfR6jJu0UvlnIoR0umtYV1TzIDEh2753ro5X_KpxWMXPaeVLCoZmCUfx5_S4DvWcg9CqA_-4bV5CgyCjkPBBiRuSMSdcP5vDXHpF8UEDmgOycnALTTt4pQaMBpmG7aa3LCR4XEGdmx2EbroJ3hrm_s8Ui5kjQdjRN1JF4Yf97JnTUb1efGYw4OQ&sai=AMfl-YRTijQu1Q8MkgB0-MBj3SHe5hl4InM7_aS8DCixIzcq5pbmy05kyLSB70Yv4u70yr-3Migl2ylGaIBAvwRIcNzJvy6suxAUU3q9La6bGYW2AHtWM770fsgcao5sSA&sig=Cg0ArKJSzMoakHU7zKnMEAE&uach_m=[UACH]&adurl=
Frame ID: D8E195335DB1A5F60E968A16A3397BF0
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssPgUDt51_bW_ZvJ1ms8mD7MM9EKDgl55CequfIXuwh2NrscsrltS8ZDmo2uCbV4YhYTFci5ZK1YtAd8vQWJXW6CFRTAco6dliA4wH5QL31WnS3_WXSGyCLpFqxn6BlZROPrv8MJvFwajR46LSqDnZ5N_kRMSiWiVRVRflfDt9hJCYwqhFEek8g-lWsjS-vqNd4zqVtLcrIltVkoo-kC88UXcsTQO0UY7aMAWGca7d3P6WEsJv0_BkYVYr_p6fvWpy-zXQuey3xlzpCO-U2VwB_OwTbJi2nJZZiVUnDjGHaDjm785ugkup5RCFkeVksGw6apn6GFhopySimgSyRtQumUEolTaGsu2U&sai=AMfl-YTbN5Cwh0p8qCXuCzvFY3FpEGzfl4PdAFoUTDh-Wxhh_D6zgHAyJrsx5nqqm96YW3vTWjOfKwAhu2TJOa2MgD0yUMJnKtYSkIyvJbscEl-RLxc6EViO5yWCWFQhRw&sig=Cg0ArKJSzKBNYdgeDsyvEAE&uach_m=[UACH]&adurl=
Frame ID: 2B61293EE4DFE9E8236DBEA59226E664
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 36A7B6666191BDCF6C13F0EDE20D9C6D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 75FE619093C9DEAD991354B40E3DCA9E
Requests: 2 HTTP requests in this frame

Frame: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A0490F8471BAC8E59A3CBAF5C7291C9F
Requests: 29 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstF2znf4i6DJQG2np_SA9NqqLU1HHZw-zgO8U3U-GyY66WmAQUztWNuZSykCcaIdRmsO7M0wQ5DfmdideOH_1tsDop4ZNixZY8FxU-OYDWl_JwMapG8ypFmzt005UrhOCoNwRY7EojRdN8f6-PelXQ3lMY_yjgDumOboLOsnXt9Mc_iC9gVpU2zVbgHhrSpH4CF4JUII6ZwM22Sd4_ikDJ-qc5ElYFfkAA6MGp4oIsGLD8l_H4bS_9AdDWksAVZRI5qSzYT7LcPOZmsGgNrMP0_kqph0YIKzv9GJc_D4DEYadt0OOQx0jMCL3eqNAEAS0PM4L2SFdI151R5F05WA0xXaXKqKBVYn1aROKRluk0&sai=AMfl-YT16esOV1hkRTpvdBxzKEK8s-3e4uhMtHc20yCEcY8lOH2KaI5oYnj2oXPdNDwKxl24ldmzcC9EpAaEE0CVHqjPWkyDLmLCDKdZhIO_RbGd2hwghbCHUNqLjxblt_o&sig=Cg0ArKJSzBj9dXScAQIrEAE&uach_m=[UACH]&adurl=
Frame ID: 93B47F66F7ABDACAE45280005E192693
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY_oro4gEwAQ&v=APEucNVPWHVt0ZynzDljX8QbfVVUKVydE2B6hmfCAwi61gN5XmMyyieTJQw_mdaYedFBdSnYyT6yJrwaA67hJBTljYPveUNVACyZXRmhS-YR6kWQ90Y2QYfV37XG9QtWadOkmbwmOo4W5uNOMnIKeqTVuNf2FezoTmyESGNceTgaLnSz6TclNp4
Frame ID: A99BBB8F578E6D68F03C8E7200F52B29
Requests: 5 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 9F29195BF69936E2DC699E37931D55D5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 611D775D699EEF96AA51C750627C77B7
Requests: 3 HTTP requests in this frame

Frame: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 08B1AE041A7559A4D28A4B7A319DF9E7
Requests: 19 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYX9UK7eHpETMPnHznRl-8Ko_3mj6JmC0E3WsoTrSPoj7v9CBJ9J4DKGY5TeUWgtDRSl5qqEe9o5JIhat-Gny6lGkSszxe8KUK_o11yr2Bd1iulQ0mxeebXCg8SAQqy1G6jkJIL1Jxdnoydt5TZZo21-YEEjSa34MlVWQbyi0aJzBRHjwgbi-PEtwinxld7c1nNGPoU9RvdmfmsOyhq73ikZVJHn18r-h-TROlAW1MQSITE6kV44E2TnMFzSBHsm2Vum865oJOzae5s1zV9OGKEKdWdRW7ZKsOGMOQXfeT77X84SasgKJZBNgE6H5GekVZwkDIUAL1SvamfQRmH9qoYUujSzOx1Q&sai=AMfl-YTO5KG2vuJtr5LIEnTKVr1xpqiXvGK-bFvv2VBYEw7MZ8dtgQPmZd74L-B1WmGjP43J2m85qnbbuS__nXS8gGHs-5_g9RzwOKWZLNQKxi4XqXusT6adFBPAvU8L1w&sig=Cg0ArKJSzLAKAcCDiuKcEAE&uach_m=[UACH]&adurl=
Frame ID: A72A0369A706C2B76DB5BB57138EC335
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiM97DlATAB&v=APEucNViA84n7LGgy3Q2V-U9cNwScCMNb8oCubfFl4WZpwqzqCp0DYsSH3SRQUYuzsaHtSERyjwB_M0U4bN6b-gvqzhRUDHocGvclc2sPW-f9Tzx9jtazAnM_z-98VSXQ6TE1YhWibabVr6MP7dgx54zZjYpAOplgPn-NLhd0wr6iU4VGxqYz6Q
Frame ID: 40AAF6C6748910493CF065E20094CD3F
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F6178AF797C1CDC8AA1D6EB9AAF4E65A
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247
Frame ID: E1A3E9F3554AF9C970A5BA06D066A656
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CB2426E162F30B6FBFE7CCE9BCED4276
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247
Frame ID: B93CB6DDC0C169FE5261FC2537E1CBE5
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7A4D309AD4E7085A4257570F919617A4
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js
Frame ID: A0EDE92EA1222EF74F0CAC3A8F8631C6
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js
Frame ID: 5C424670433BC96D2A4B46F8273AC45D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Theatre In Chicago - Your Source For Plays In Chicago - Chicago Plays

Page URL History Show full URLs

http://thtr-chi.com/ HTTP 302
https://thtr-chi.com/ HTTP 302
https://www.theatreinchicago.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Clicky (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.getclicky\.com

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

244
Requests

92 %
HTTPS

53 %
IPv6

32
Domains

47
Subdomains

37
IPs

8
Countries

3124 kB
Transfer

6620 kB
Size

31
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.youtube.com/channel/UC3qGsmVHg7YpAgV7Ak0e1IQ/videos

Search URL Search Domain Scan URL

URL: https://twitter.com/theatrechicago

Search URL Search Domain Scan URL

URL: https://app.monstercampaigns.com/c/rqlqwrbtjrjs5y0fahhh/
Title: Sign Up For Our Newsletter

Search URL Search Domain Scan URL

URL: http://www.theatreinla.com/
Title: Theatre In LA

Search URL Search Domain Scan URL

URL: http://www.theatreindc.com/
Title: Theatre In DC

Search URL Search Domain Scan URL

URL: http://www.theatreinnewyork.com/
Title: Theatre In New York

Search URL Search Domain Scan URL

URL: http://www.theatreinboston.com/
Title: Theatre In Boston

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://thtr-chi.com/ HTTP 302
https://thtr-chi.com/ HTTP 302
https://www.theatreinchicago.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068461150/?random=817217741&cv=9&fst=1681589784990&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=GQY7ZLSPAdfL1gaOpLTQBg&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-user-list/1068461150/?random=817217741&cv=9&fst=1681588800000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=1095821672&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/1068461150/?random=817217741&cv=9&fst=1681588800000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=1095821672&resp=GooglemKTybQhCsO&ipr=y

Request Chain 138

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFK3FpGwOEVpo62rl1kmSo&google_cver=1

Request Chain 139

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZDsGGgf6ZEzm1PFOOqEfGAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFK3FpGwOEVpo62rl1kmSo&google_cver=1

Request Chain 140

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEA6O_dOLiX5b5jXcFHkCbsI&google_cver=1

Request Chain 141

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyNDI5Mzc2NTQ4NjE0MDY5Nw%3D%3D

Request Chain 147

https://fw.adsafeprotected.com/rfw/bgd/1352960/70224241/xbbe/creative/adj?p=APEucNUEnxclthYSwv2zNqzSHh_CbpzW096FUtfDt1bmn6IyO2bfHso&d=CokBAKAmf-DiQDcFi8Xdd4grUBgRqIgCIMR5SncJjGrGCmoX9YI_tLacWwSBb9m4TtTbX4Zfp2uoPdjSUAt8MkYo1zGzk-fXxTZiKC4q5Tj0Y9V68hvkqx7GQORbqVYKbd0jm9EKnMxI9IxRTi-eGm7Na18K9TVXHWfA6BWHJ5nLeZG2KkD132TAsgsSiRQAoCZ_4GlwmasX6Cs5HbxqeF6mS40HSTkS-TJaP8Sic9TsVAPNq_5fEy_Sz-oYDNsf2_L8YLu4lsvzsv5imADdhxzgoY2o92POJ-jIS1dzOVfBzJ66WqJIEL1O6RsH02BaVV8_jCPNtl8MW43jXUHG_3YujVwXPxgRCzyF-iEf6T7actKWczl95oBVhyYrIDvLcsXdl-KwXvhadeQG1YRcMYD_NH7ecAWkaa-l0L-ZJigmvJw5XntfvIRIhkaco1T5IRiOzXgV3ZI6LGBDlT5S0gfrRlEnTSwo4KYlEpySWZPCQQ0tDAmwIy3EESt1oF2Nl0YD266FcbhVIj-YcMXz303W39ItUsqdauNfX-7XBqhveAijRYWompejXg0coArJm8vhW1wk-vihD_jqXK7qsdTpxZg-3lvGbFePCB7KjiYQ79H9qhbNmRd8RUaqPTDAxNMGCDJzY57SDt0cv4EEdgzLgDJFB3jUhyJf696qKBt_YNqelqpqdr6FqRpOGWdwWmHGjica-IPEDQOe0WWggANeKh3M_xXmyM1zSzepgisrjttYbGFTRopZZH-PtRM9US-aXZj_kimrl2tH0VPo6oBTiVGn2u4B9P1O-TYEtyRGXP40j6-hOiq6lmOpIRpwEYyy3omPkro10z0SjW69Td8sicjwq_VK_l_9urp2IcnvaV34qUiAXBJsmyTpGcvT7gZDFVMMzP0trJ_-N0HeGs1lL-Ws0Xl0TIwD7WbcOxuNKg3DtJgp6I5IsmgF9SNtdIqCgdt9FWTIbX_nteHXo8Q26wVKCuUu02wfb3VIGpIh60dwpeDY9Hj92zkyiBQdSdVktyaCuayvXVvd-u0S-idnpef1m8Vf32W-7dnuFIe2-ul9zEN3Yxod4W_NMDDlXEL9IUi9DG7XF5qQFvWtTrR69FLtDxsDwVT_-_GhcfTUoYlULbSyprUFNR3MQLZ0WYoCfU4meMC9t7bMut58muotbwSSNU-aYy5LjtpzqToPh2eZFZO5wphfE5j5l-GDDbJsdWXSoa-PdUf4XCpPRM-QXC1glnCIOOHppKISIDZzS1H-ue3PF9gyl_u99H3_DcPahxmoeSbZFLtd7npmORSHIUoi4_oLLatFcNWnP2YtkGbbTQRJOywqe49HJJEz_vFfTD8wKNyIpwSgAreED29G1Eo4vqmuXA6WNEE5U24_9pedps-yOfiWIQ8ErKHxnuRWcAoxOCXD0LPzmPYkZFmvJoYshGViqFYzv-vCfcfptJy0y_eYqSXwgMc14xcdda0Hvl1g-sXjrLDB-7pduwHyRWGOdTAxz8rTkFAeJovRGj-wgCjVZYz0jiVZ8e1R_oPY7Gm0clQW__d-HQKGMYZx0mtjnOESCvV6B8OqIa57ItIyaso8wzTKC5JT44PZKDY8XP2xbCENXnEPayKofRyOsVPlQSpzvMaFbboARjufOlz5BNjczlbH8mtZGv5CssLOvfDu2DWqho-2fKN1yLcP_lzWPmkdq0CGbE2irEAkAC3T7SCIsfRV070PsC93uVPXqvxn_whZBsiYiC1naKilbk77Vry_A6Qi3YO4_SnUJvZjJkMTfMUAttC74lgWU8uk_KuwBrKXcp7u2Qmn0lrb8Xrkyle8Cj7aYuLRWt9-HuejH80xumk5P2Fq8JIDPjZMoeDzejgFDnXu2AVcW3I9weFRlSHsq3hoqBHt4xfWB8pIpXlQ_ImKTnwlCXvgmdPgbiP-r9822JrX9pJ2lsIw2sJ3ZYtzGgjcb9fmedrvs_Flt9IyH1OodjG9XEQF5w4-QS0IXEAE4XAkK2ATMiv2nDtOnueTgx-D5m49tUaSsh50PsrgpDPjcaBteJlMjcqrtCZbzm9Bb5XMxJO3YWJ83DGzsL2J1_2iEbWmXGiD6tWmtNqXTZNQ5za_-KYWCpuWMxoxiLeDflNU46Mbf7xc_l9JV4TiybfU9Rh3IhCZRGS_SmYa552aYTfWy1-rLMqMF27_jwDN--Krjm-PXUT7S5oXrUq3xzbGqsn5yIB6vcp3IVzv1pci4zqVTyx0ARUiMUAmieNCfkyq6RuICfD0i_AiwXOsErONNyXtW5GduyCumFRZgwSZ3zVet-iQbkOrXcteU61ggeZR1kIr104xgxRYNy0CzUr9tyeFwZBmjiWRPD6Qydk97G32b4xYNgIp6EV46THGilK7FUSyuYYvsW9WBWoRahqJYKJRz5F-o_hQlctp4UJ560x_CZm19Led79rNYcy0j2Izo-rszPIFwK9z4ixpMt5jzcy2up4bwmSTlMipOzsL6WESe3qp3ZZP5fa5ch1a-DZlrnuzGt9ZdHaeW7FK9SI9Z-x5PEKokcR4pt7GNqt_hZy_RZKmRD_LZF2I2bynYTRqwvt6SvlHItr7gQ4AbIRqfXrEtjqu-GpuQfpEYjVA89zTGvWJN0-GP2eBFiXdT7QrmOy-Oz-mAsQ0XObdLHyAeg_rSSc9Xg5Qio9RyUbnMTLhcoaQ-v4Pu9_h5YMMy7Ne3IEHyG6StIO5Ceias4vpqv94O4fNfSFnQ0HujEFz8SD3ogNhFPLXD7rzpR3-bYQOBoOd9AKHz9tP-qzNZ-0sEqPnqezxFhagG9ZZcoHsESqe3qBUPD9CBHzMAfwRJ18aZHC925UcpyG-ykt5R2pRnc2_L4e6hKYA3ivCq0QQfS77KRnLVSy8VTOZK3ley4c59QloBxtAcndbUt9gmM9fMJGqoWybcjYQJS8Gk19W_-gBznbopKjN7C2W9B0c5TYFHjCzZL3LgffPhaTqr2si1imO0JxX_WZM0MLmTULldrhXgEdqe6Dqn2LHFm_sQK39gkxP7goIOYKsgFSgM1_8Ru28aq8-M2uxfhqkJuCRJeaJuHhQSU5a_thoPQYgNRFOa5Ce8RICN33aRT7ytnhSes0bjkfQdXqvq1QIzMNF9wUpND0MbTTiBi55xeMv1oJkcB_mKxxwUWvhI1VszpUEKf1ZGBW2xyoOTS29VW93xYg3WtwiCa97Y6yVLZDxDsJFH5PVPn2UPTRJaSnLNM3aim0YvU9JaNnly-X5QETznDZMwnYbuQLr7xkdMbeuly85A6GVi9YVkhYLeylBB4HTCSVFkpv1kADBeBSGWTBtnp6Pom2MQyWY56PtnY-iq-G4NltXUc6zu6Xxw4IwHqQo5-8S5ewrWqIZlvEUqq5rKlW5o5eU2hDPxN2_RUx-qXc1GnjsbgP2dFY9vRHMPtFeVTSAs2vo8C6UmRgZFZ2UJgdkeLLy89L2C5D-Capf5TV768RnXD4Bm6pfimh5FUa0tLSEEcJmapw3kaAODhUVt3n0s7GYYS_mj3Vn-8OyOZoMnBPm84U6-0by28WFIcM0jhXUrLpJTnKO3oWv8EBMyeBMywfYP1jxAT-ssCsQ5JouZsn7onYeRYCKxte4GkEIBBI7AHKBCIOJnvSFXpZNRV8wZiTFe6YvBq1XYiPzNmwerPah4-79uZzLzuCfOD_SXxkU4B2QcHqnEhO572EYAWAB&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-4875329658179347&ias_chanId=1&ias_placementId=19774044633&bidurl=https://www.theatreinchicago.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0h2LvqD8voODyIs9jta41kw&adsafe_url=https%3A%2F%2Fwww.theatreinchicago.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fwww.theatreinchicago.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:a17ce71e-2a5f-d0fc-4266-3a4498606a66,c:9T2Uer,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-gnpmh,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tBwTndx+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a*.1352960-70224241%7C1a1%7C1b,idMap:1a*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,tt:rjss,et:20,oid:6665d62f-dbca-11ed-adf7-a242599692cc,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUEnxclthYSwv2zNqzSHh_CbpzW096FUtfDt1bmn6IyO2bfHso&d=CokBAKAmf-DiQDcFi8Xdd4grUBgRqIgCIMR5SncJjGrGCmoX9YI_tLacWwSBb9m4TtTbX4Zfp2uoPdjSUAt8MkYo1zGzk-fXxTZiKC4q5Tj0Y9V68hvkqx7GQORbqVYKbd0jm9EKnMxI9IxRTi-eGm7Na18K9TVXHWfA6BWHJ5nLeZG2KkD132TAsgsSiRQAoCZ_4GlwmasX6Cs5HbxqeF6mS40HSTkS-TJaP8Sic9TsVAPNq_5fEy_Sz-oYDNsf2_L8YLu4lsvzsv5imADdhxzgoY2o92POJ-jIS1dzOVfBzJ66WqJIEL1O6RsH02BaVV8_jCPNtl8MW43jXUHG_3YujVwXPxgRCzyF-iEf6T7actKWczl95oBVhyYrIDvLcsXdl-KwXvhadeQG1YRcMYD_NH7ecAWkaa-l0L-ZJigmvJw5XntfvIRIhkaco1T5IRiOzXgV3ZI6LGBDlT5S0gfrRlEnTSwo4KYlEpySWZPCQQ0tDAmwIy3EESt1oF2Nl0YD266FcbhVIj-YcMXz303W39ItUsqdauNfX-7XBqhveAijRYWompejXg0coArJm8vhW1wk-vihD_jqXK7qsdTpxZg-3lvGbFePCB7KjiYQ79H9qhbNmRd8RUaqPTDAxNMGCDJzY57SDt0cv4EEdgzLgDJFB3jUhyJf696qKBt_YNqelqpqdr6FqRpOGWdwWmHGjica-IPEDQOe0WWggANeKh3M_xXmyM1zSzepgisrjttYbGFTRopZZH-PtRM9US-aXZj_kimrl2tH0VPo6oBTiVGn2u4B9P1O-TYEtyRGXP40j6-hOiq6lmOpIRpwEYyy3omPkro10z0SjW69Td8sicjwq_VK_l_9urp2IcnvaV34qUiAXBJsmyTpGcvT7gZDFVMMzP0trJ_-N0HeGs1lL-Ws0Xl0TIwD7WbcOxuNKg3DtJgp6I5IsmgF9SNtdIqCgdt9FWTIbX_nteHXo8Q26wVKCuUu02wfb3VIGpIh60dwpeDY9Hj92zkyiBQdSdVktyaCuayvXVvd-u0S-idnpef1m8Vf32W-7dnuFIe2-ul9zEN3Yxod4W_NMDDlXEL9IUi9DG7XF5qQFvWtTrR69FLtDxsDwVT_-_GhcfTUoYlULbSyprUFNR3MQLZ0WYoCfU4meMC9t7bMut58muotbwSSNU-aYy5LjtpzqToPh2eZFZO5wphfE5j5l-GDDbJsdWXSoa-PdUf4XCpPRM-QXC1glnCIOOHppKISIDZzS1H-ue3PF9gyl_u99H3_DcPahxmoeSbZFLtd7npmORSHIUoi4_oLLatFcNWnP2YtkGbbTQRJOywqe49HJJEz_vFfTD8wKNyIpwSgAreED29G1Eo4vqmuXA6WNEE5U24_9pedps-yOfiWIQ8ErKHxnuRWcAoxOCXD0LPzmPYkZFmvJoYshGViqFYzv-vCfcfptJy0y_eYqSXwgMc14xcdda0Hvl1g-sXjrLDB-7pduwHyRWGOdTAxz8rTkFAeJovRGj-wgCjVZYz0jiVZ8e1R_oPY7Gm0clQW__d-HQKGMYZx0mtjnOESCvV6B8OqIa57ItIyaso8wzTKC5JT44PZKDY8XP2xbCENXnEPayKofRyOsVPlQSpzvMaFbboARjufOlz5BNjczlbH8mtZGv5CssLOvfDu2DWqho-2fKN1yLcP_lzWPmkdq0CGbE2irEAkAC3T7SCIsfRV070PsC93uVPXqvxn_whZBsiYiC1naKilbk77Vry_A6Qi3YO4_SnUJvZjJkMTfMUAttC74lgWU8uk_KuwBrKXcp7u2Qmn0lrb8Xrkyle8Cj7aYuLRWt9-HuejH80xumk5P2Fq8JIDPjZMoeDzejgFDnXu2AVcW3I9weFRlSHsq3hoqBHt4xfWB8pIpXlQ_ImKTnwlCXvgmdPgbiP-r9822JrX9pJ2lsIw2sJ3ZYtzGgjcb9fmedrvs_Flt9IyH1OodjG9XEQF5w4-QS0IXEAE4XAkK2ATMiv2nDtOnueTgx-D5m49tUaSsh50PsrgpDPjcaBteJlMjcqrtCZbzm9Bb5XMxJO3YWJ83DGzsL2J1_2iEbWmXGiD6tWmtNqXTZNQ5za_-KYWCpuWMxoxiLeDflNU46Mbf7xc_l9JV4TiybfU9Rh3IhCZRGS_SmYa552aYTfWy1-rLMqMF27_jwDN--Krjm-PXUT7S5oXrUq3xzbGqsn5yIB6vcp3IVzv1pci4zqVTyx0ARUiMUAmieNCfkyq6RuICfD0i_AiwXOsErONNyXtW5GduyCumFRZgwSZ3zVet-iQbkOrXcteU61ggeZR1kIr104xgxRYNy0CzUr9tyeFwZBmjiWRPD6Qydk97G32b4xYNgIp6EV46THGilK7FUSyuYYvsW9WBWoRahqJYKJRz5F-o_hQlctp4UJ560x_CZm19Led79rNYcy0j2Izo-rszPIFwK9z4ixpMt5jzcy2up4bwmSTlMipOzsL6WESe3qp3ZZP5fa5ch1a-DZlrnuzGt9ZdHaeW7FK9SI9Z-x5PEKokcR4pt7GNqt_hZy_RZKmRD_LZF2I2bynYTRqwvt6SvlHItr7gQ4AbIRqfXrEtjqu-GpuQfpEYjVA89zTGvWJN0-GP2eBFiXdT7QrmOy-Oz-mAsQ0XObdLHyAeg_rSSc9Xg5Qio9RyUbnMTLhcoaQ-v4Pu9_h5YMMy7Ne3IEHyG6StIO5Ceias4vpqv94O4fNfSFnQ0HujEFz8SD3ogNhFPLXD7rzpR3-bYQOBoOd9AKHz9tP-qzNZ-0sEqPnqezxFhagG9ZZcoHsESqe3qBUPD9CBHzMAfwRJ18aZHC925UcpyG-ykt5R2pRnc2_L4e6hKYA3ivCq0QQfS77KRnLVSy8VTOZK3ley4c59QloBxtAcndbUt9gmM9fMJGqoWybcjYQJS8Gk19W_-gBznbopKjN7C2W9B0c5TYFHjCzZL3LgffPhaTqr2si1imO0JxX_WZM0MLmTULldrhXgEdqe6Dqn2LHFm_sQK39gkxP7goIOYKsgFSgM1_8Ru28aq8-M2uxfhqkJuCRJeaJuHhQSU5a_thoPQYgNRFOa5Ce8RICN33aRT7ytnhSes0bjkfQdXqvq1QIzMNF9wUpND0MbTTiBi55xeMv1oJkcB_mKxxwUWvhI1VszpUEKf1ZGBW2xyoOTS29VW93xYg3WtwiCa97Y6yVLZDxDsJFH5PVPn2UPTRJaSnLNM3aim0YvU9JaNnly-X5QETznDZMwnYbuQLr7xkdMbeuly85A6GVi9YVkhYLeylBB4HTCSVFkpv1kADBeBSGWTBtnp6Pom2MQyWY56PtnY-iq-G4NltXUc6zu6Xxw4IwHqQo5-8S5ewrWqIZlvEUqq5rKlW5o5eU2hDPxN2_RUx-qXc1GnjsbgP2dFY9vRHMPtFeVTSAs2vo8C6UmRgZFZ2UJgdkeLLy89L2C5D-Capf5TV768RnXD4Bm6pfimh5FUa0tLSEEcJmapw3kaAODhUVt3n0s7GYYS_mj3Vn-8OyOZoMnBPm84U6-0by28WFIcM0jhXUrLpJTnKO3oWv8EBMyeBMywfYP1jxAT-ssCsQ5JouZsn7onYeRYCKxte4GkEIBBI7AHKBCIOJnvSFXpZNRV8wZiTFe6YvBq1XYiPzNmwerPah4-79uZzLzuCfOD_SXxkU4B2QcHqnEhO572EYAWAB&cry=1&bundleId=

Request Chain 186

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESENU3yk1xkCLwe1bZBTq7FCU&google_cver=1&google_push=Aer7DvKTm276KrES6LtRsYJtbcIniUagrhM-bMzk6T_gP9CM7DCKQQkKyaAqiZzzUfu3D6GVQOPk_VPaeBZEjS-FlRCc1PsfYaf7WBk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESENU3yk1xkCLwe1bZBTq7FCU&google_push=Aer7DvKTm276KrES6LtRsYJtbcIniUagrhM-bMzk6T_gP9CM7DCKQQkKyaAqiZzzUfu3D6GVQOPk_VPaeBZEjS-FlRCc1PsfYaf7WBk

Request Chain 187

https://um.simpli.fi/gp_match?google_gid=CAESEAsAQm9pGzFTPONUoqLPf1Q&google_cver=1&google_push=Aer7DvK5fGD-EizG-Vleiu4JwpKeG4cGcQc40iJloF_LeeiqQYln43J3Nw3gdQ_NNY2-ehSTtopgM6hoZ8y6JTfGfHUokN2dSds23Bw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=949C3ED6ACF848988517DA61DF7B0D84&google_push=Aer7DvK5fGD-EizG-Vleiu4JwpKeG4cGcQc40iJloF_LeeiqQYln43J3Nw3gdQ_NNY2-ehSTtopgM6hoZ8y6JTfGfHUokN2dSds23Bw

Request Chain 189

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEHL1HsmYbPRlr1I_hVyrr34&google_cver=1&google_push=Aer7DvIxI9a6DKcFALK-WGkaW8VeMpqw3ynRmugdikD46p3WFFLB_xGXZ2Mw2En6LO_36YQONSlZY8pzaovmMfnaSJoPLjN_xUSlFYI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvIxI9a6DKcFALK-WGkaW8VeMpqw3ynRmugdikD46p3WFFLB_xGXZ2Mw2En6LO_36YQONSlZY8pzaovmMfnaSJoPLjN_xUSlFYI

Request Chain 190

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEPNxgf6teVXeOnOsXBdQD6I&google_cver=1&google_push=Aer7DvKYUkpzc9xyNBdovpirQduEqDXcQbtChiTOut45CyfUbWphql2TIOYpeU71DpBqaFd5TPLXsg1TOAUzj7iXiojIB2NIm02Bh_Hx HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aer7DvKYUkpzc9xyNBdovpirQduEqDXcQbtChiTOut45CyfUbWphql2TIOYpeU71DpBqaFd5TPLXsg1TOAUzj7iXiojIB2NIm02Bh_Hx HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 192

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHVPYEjnX3-4tFCji7G9qeA&google_cver=1

Request Chain 193

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZDsGGgf6ZEzm1PFOOqEfGAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHVPYEjnX3-4tFCji7G9qeA&google_cver=1

Request Chain 194

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIMMl_8Fj8q9-7MW3RnrC0M&google_cver=1

Request Chain 195

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyNDI5Mzc2NTQ4NjE0MDY5Nw%3D%3D

Request Chain 210

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEM0MHuK17e4XYcqJiXENCPw&google_cver=1&google_push=Aer7DvIsO3U3d8lnE7b9yLOXCqgVT_qD2p0le-hmwcAqo1wDoLlJT5ejY3iZKCWKpFPrW1euEdSp8EXGTBZZyytQOillc_29YQm-noBtV67rw2CKriUqk5xnOnNUnsVQMRNjJtqrxuG7KgTaTA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvIsO3U3d8lnE7b9yLOXCqgVT_qD2p0le-hmwcAqo1wDoLlJT5ejY3iZKCWKpFPrW1euEdSp8EXGTBZZyytQOillc_29YQm-noBtV67rw2CKriUqk5xnOnNUnsVQMRNjJtqrxuG7KgTaTA

Request Chain 211

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFDxnK8CWrduIHldjqjJuIM&google_cver=1&google_push=Aer7DvI1cq0jXEmtDP9dPSOpkaN_C0ySdYmoZxhJWR6Ntor98bOsYAeFNy1kQiFpCCT_m1suNS1kDWHvEBfROzjX0-rlIUfq_9NQyWGOpO7fi6-2PHQHVEiuDDlvsQZxC3eeiRN1mLCMz9fehA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAer7DvI1cq0jXEmtDP9dPSOpkaN_C0ySdYmoZxhJWR6Ntor98bOsYAeFNy1kQiFpCCT_m1suNS1kDWHvEBfROzjX0-rlIUfq_9NQyWGOpO7fi6-2PHQHVEiuDDlvsQZxC3eeiRN1mLCMz9fehA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFDxnK8CWrduIHldjqjJuIM&google_cver=1&google_push=Aer7DvI1cq0jXEmtDP9dPSOpkaN_C0ySdYmoZxhJWR6Ntor98bOsYAeFNy1kQiFpCCT_m1suNS1kDWHvEBfROzjX0-rlIUfq_9NQyWGOpO7fi6-2PHQHVEiuDDlvsQZxC3eeiRN1mLCMz9fehA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAer7DvI1cq0jXEmtDP9dPSOpkaN_C0ySdYmoZxhJWR6Ntor98bOsYAeFNy1kQiFpCCT_m1suNS1kDWHvEBfROzjX0-rlIUfq_9NQyWGOpO7fi6-2PHQHVEiuDDlvsQZxC3eeiRN1mLCMz9fehA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 212

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEBaswXI1Q9nDFsXtynu6vQ4&google_cver=1&google_push=Aer7DvKfrWZ_Ly5tpv3IbVjdy_Tt488YrMIDmi5N2e2bJoJ5a7gg1WalgI_cTwvjDKskQcUJAXJIh6mSSpWIEn5qnf_vaHSK0uvuyw_-xy9zHORn06UFvc-ejbsFsqMCixxwCBVVGBEH0t_qqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBaswXI1Q9nDFsXtynu6vQ4&google_push=Aer7DvKfrWZ_Ly5tpv3IbVjdy_Tt488YrMIDmi5N2e2bJoJ5a7gg1WalgI_cTwvjDKskQcUJAXJIh6mSSpWIEn5qnf_vaHSK0uvuyw_-xy9zHORn06UFvc-ejbsFsqMCixxwCBVVGBEH0t_qqA

Request Chain 213

https://ads.travelaudience.com/google_pixel?google_gid=CAESEGsRfEsFxZqKBgY81__ukHM&google_cver=1&google_push=Aer7DvI19Zbv0eGk3wu85QhQU38VI2LwcEQlMCvdtDNjfhbKOmU8gTLNCMkI1DYa2xNxh7zf2OjszDXM_LiLvqvpqohA6jnAqsgEKDYaLFFBWkLTrJGM7scWPAXePOy0r8tqTskbJN0H4amj HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=m9TsvUjHQ-yQWLKO3_el3w2&google_push=Aer7DvI19Zbv0eGk3wu85QhQU38VI2LwcEQlMCvdtDNjfhbKOmU8gTLNCMkI1DYa2xNxh7zf2OjszDXM_LiLvqvpqohA6jnAqsgEKDYaLFFBWkLTrJGM7scWPAXePOy0r8tqTskbJN0H4amj

Request Chain 215

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKFnOrrQnLn3gq5NXHoH0t4&google_cver=1&google_push=Aer7DvI6WV66zaNbmV4x9vfg_WiKoFPThGfOqb20Nq-qe2S9VGlVf3KhbX6Zq4G09HzsK2PgaCKWP56Ltr1DK3rimEQwaTOuF_PsWtHkQSJyCx0vT4wwZ3z8ET8PEbiisPRV9vdk6NUU5XmR HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKFnOrrQnLn3gq5NXHoH0t4&google_cver=1&google_push=Aer7DvI6WV66zaNbmV4x9vfg_WiKoFPThGfOqb20Nq-qe2S9VGlVf3KhbX6Zq4G09HzsK2PgaCKWP56Ltr1DK3rimEQwaTOuF_PsWtHkQSJyCx0vT4wwZ3z8ET8PEbiisPRV9vdk6NUU5XmR&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=gv9fkCL1RcmtGAJreVurEg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvI6WV66zaNbmV4x9vfg_WiKoFPThGfOqb20Nq-qe2S9VGlVf3KhbX6Zq4G09HzsK2PgaCKWP56Ltr1DK3rimEQwaTOuF_PsWtHkQSJyCx0vT4wwZ3z8ET8PEbiisPRV9vdk6NUU5XmR

Request Chain 216

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEE7H9SZLznTgzA9p0DTJZqQ&google_cver=1&google_push=Aer7DvJABsjDM60cfB1zYDoSLwdBS98bAghBPXRelnvh0kwDwbPyf9XLY0ARSj-TZUGpp7RqiSrsQ9hKwi8P0wQlplGx06qfjevgWQQuHcd6ySXUiBW3tYKd0-mTLu_KWmJ4qKW30BaSxOcMCg HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEE7H9SZLznTgzA9p0DTJZqQ&google_hm=ZDsGGgf6ZEzm1PFOOqEfGAAAFCoAAAAB&google_nid=index&google_push=Aer7DvJABsjDM60cfB1zYDoSLwdBS98bAghBPXRelnvh0kwDwbPyf9XLY0ARSj-TZUGpp7RqiSrsQ9hKwi8P0wQlplGx06qfjevgWQQuHcd6ySXUiBW3tYKd0-mTLu_KWmJ4qKW30BaSxOcMCg

244 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.theatreinchicago.com/
Redirect Chain

http://thtr-chi.com/
https://thtr-chi.com/
https://www.theatreinchicago.com/

57 KB
12 KB

658ms
295ms

Document
text/html

74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache / PHP/5.5.38
Resource Hash: 01de230100ff6ca985cde8be657583058e5616046a0a79f05361e89274d72685

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html
date: Sat, 15 Apr 2023 20:16:23 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
x-powered-by: PHP/5.5.38

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7b86ddaead723674-FRA
content-type: text/html; charset=utf-8
date: Sat, 15 Apr 2023 20:16:23 GMT
location: https://www.theatreinchicago.com
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfGhh2KhglDhthJ2sI1evy1QaY7AwbmtaR0Eagkqv6kcoQ3BXwra97shSbHnACeHT0aeT1Gtcjtgu7e1BmkNaxey3oe%2Bc6rTGoNh5Et5x%2FdMZCuxY8vJ6glCr7XB7a6JuRriyYfz6WXpuWk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Cookie, Origin

GET
H2 200 ui.all.css
www.theatreinchicago.com/includes/leftsearch/theme/ 47 B
242 B 167ms
166ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.all.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: bd9343e493cd44c5213f0af31541550cfeaf0590f1f1998c0f1876c7746b4e43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:23 GMT
last-modified: Wed, 27 Oct 2010 13:11:00 GMT
server: Apache
etag: "2f-49398f4e80100"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 47
expires: Mon, 15 May 2023 20:16:23 GMT

GET
H2 200 jquery-1.3.1.js Show response
www.theatreinchicago.com/includes/leftsearch/ 52 KB
52 KB 168ms
167ms Script
text/javascript 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/jquery-1.3.1.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 63968bd2eb3010c82017befe42790225802cbf035d3168af76357ae85708bbfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:23 GMT
last-modified: Tue, 24 May 2011 21:03:10 GMT
server: Apache
accept-ranges: bytes
etag: "cf7e-4a40bea56df80"
content-length: 53118
content-type: text/javascript

GET
H2 200 jquery-ui-personalized-1.6rc6.js Show response
www.theatreinchicago.com/includes/leftsearch/ 164 KB
165 KB 237ms
236ms Script
text/javascript 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/jquery-ui-personalized-1.6rc6.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: c8401d267b771261f21a9d00951d93ccee54bbc2d910433f86b7c5b975060b4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:23 GMT
last-modified: Tue, 24 May 2011 21:02:07 GMT
server: Apache
accept-ranges: bytes
etag: "29121-4a40be69591c0"
content-length: 168225
content-type: text/javascript

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 118 KB
20 KB 154ms
50ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 617, 617, 617
age: 7701163
cdn-cachedat: 2021-06-08 14:35:16
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: a25b3b26237dd55b5f417f26a9965dbb
timing-allow-origin: *
cdn-requestcountrycode: US
cf-ray: 7b86ddb60a0330d6-FRA
cdn-requestpullsuccess: True

GET
H2 200 style.css
www.theatreinchicago.com/styles/ 54 KB
54 KB 166ms
165ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/styles/style.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 9ead719662d12d46e58484bd0b7a00cc267edf5a0df7c4d4e67978f29d1d33e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:23 GMT
last-modified: Tue, 07 Feb 2023 22:44:51 GMT
server: Apache
etag: "d78d-5f423e54cd47c"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 55181
expires: Mon, 15 May 2023 20:16:23 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
82 KB 151ms
57ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5VT249Q4NT

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9dbe012a3f8e152b859141ea837d22b6c204a02e35fbbd009e1aa58df426cfd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83859
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 15 Apr 2023 20:16:25 GMT

GET
H2 200 add-src-cookie-script.js Show response
www.theatreinchicago.com/includes/ 712 B
861 B 168ms
167ms Script
text/javascript 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/add-src-cookie-script.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 20acf5d6867ff28c18e9ec81b2e3bd8e703b73e2024fc96768c0ce2a5ac6780e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:23 GMT
last-modified: Wed, 26 May 2021 12:06:35 GMT
server: Apache
accept-ranges: bytes
etag: "2c8-5c33a795b7f1a"
content-length: 712
content-type: text/javascript

GET
H2 200 add-src-ne-cookie-script.js Show response
www.theatreinchicago.com/includes/ 712 B
861 B 171ms
170ms Script
text/javascript 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/add-src-ne-cookie-script.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 0eeb8b2025374b7e01734372458ddddedd9a97e0b9f9184ed5f2fd9d50d56f2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:23 GMT
last-modified: Tue, 01 Jun 2021 18:10:40 GMT
server: Apache
accept-ranges: bytes
etag: "2c8-5c3b842781cee"
content-length: 712
content-type: text/javascript

GET
H2 200 tic_logo.gif
www.theatreinchicago.com/images/main/ 5 KB
5 KB 175ms
171ms Image
image/gif 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/main/tic_logo.gif
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 3a0a0663352bcb92d46f373306fd1605e5ddd78fbca826a3a70611f3d490d917

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Mon, 24 Oct 2005 20:02:32 GMT
server: Apache
etag: "1263-403e580e92600"
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 4707
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 galileos-daughter-remy-bumppo-theatre.jpg
www.theatreinchicago.com/images/playFS/ 91 KB
91 KB 176ms
173ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/playFS/galileos-daughter-remy-bumppo-theatre.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 6eb45ae63aad2f02ea07ea5e23ffbba9bd979e8a7d59b93b55a1133ea2862df7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Thu, 13 Apr 2023 15:10:50 GMT
server: Apache
etag: "16af3-5f939214d7b53"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 92915
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 arrow.png
www.theatreinchicago.com/styles/ 643 B
841 B 176ms
173ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/styles/arrow.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 85506787e85b4201c6cb65348b2f2584372d994197d872a63dfe28d434b2c870

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Wed, 26 May 2021 12:06:46 GMT
server: Apache
etag: "283-5c33a7a0dc73c"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 643
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 broadway-in-chicago-season-2023.jpg
www.theatreinchicago.com/images/articles/ 53 KB
53 KB 184ms
181ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/articles/broadway-in-chicago-season-2023.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: a69f79d0a55e5070aeccadc35986cd16be219260fc35cef3a315c7f627b19870

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Mon, 13 Mar 2023 17:58:44 GMT
server: Apache
etag: "d2c6-5f6cbdcad122e"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 53958
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 hamilton-returns-to-chicago.jpg
www.theatreinchicago.com/images/articles/ 58 KB
59 KB 183ms
181ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/articles/hamilton-returns-to-chicago.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 46f3297cf1d30e9b63e0d60f70d3cb1f94b8b30f6d8aee71ef058dd3604e79f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Wed, 22 Feb 2023 19:48:21 GMT
server: Apache
etag: "e973-5f54f2db9ae28"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 59763
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 london-road-at-shattered-globe-theatre.jpg
www.theatreinchicago.com/images/play/ 40 KB
40 KB 184ms
181ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/play/london-road-at-shattered-globe-theatre.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: aa74cca75286821b96ba27a9a06764471728404e07d42c5fc70cd1b2032be829

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Fri, 14 Apr 2023 14:32:30 GMT
server: Apache
etag: "9fbf-5f94cb60b14d5"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 40895
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 the-porch-on-windy-hill-northbrook-theatre.jpg
www.theatreinchicago.com/images/play/ 45 KB
45 KB 209ms
206ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/play/the-porch-on-windy-hill-northbrook-theatre.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: dc890bd64ee80dd53b6f7ca93f2386526f489708c1ef3656f272c0a439394cc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Sat, 25 Mar 2023 23:30:29 GMT
server: Apache
etag: "b27e-5f7c1e52d4b46"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 45694
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 jeff-awards-chicago.jpg
www.theatreinchicago.com/images//articles/ 10 KB
10 KB 184ms
181ms Image
image/jpeg 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images//articles/jeff-awards-chicago.jpg
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 68aeb5c7e3370887367e72f5935462fd1362e82b7887eed0e4e230313f590ab8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Tue, 23 Aug 2022 23:40:54 GMT
server: Apache
etag: "26a6-5e6f118605a6c"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9894
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 logo-footer.png
www.theatreinchicago.com/ 9 KB
10 KB 336ms
161ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/logo-footer.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 3408d5e5a86185a87d27c4cfdf941c94f6474efca8a232089eca3debb9266b0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Wed, 26 May 2021 12:06:53 GMT
server: Apache
etag: "259b-5c33a7a76b252"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9627
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 youtube-theatreinchicago.png
www.theatreinchicago.com/images/main/ 1 KB
1 KB 337ms
161ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/main/youtube-theatreinchicago.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: c08b857e67f202ceb9d0fd96b256d6fd597229cc67c3596dc8d860d444032342

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Mon, 22 Nov 2021 18:27:41 GMT
server: Apache
etag: "46c-5d164c7c1174a"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1132
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 twitter-theatreinchicago.png
www.theatreinchicago.com/images/main/ 1 KB
1 KB 400ms
156ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/images/main/twitter-theatreinchicago.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: d6d46477991976d7a536bf82b4d2da4c385072f52a028ea9b1b8cad35a5a6d03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Mon, 22 Nov 2021 18:27:59 GMT
server: Apache
etag: "506-5d164c8ceade3"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1286
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 50 KB
19 KB 140ms
39ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 027c2027172321d6e83d4aaf70caa78667cb5bebbf55791aee309fd55994db3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 723
perma-cache: HIT
cdn-storageserver: DE-572
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Tue, 11 Apr 2023 19:29:33 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 615
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"6435b51d-c83b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 7838b40401a39e253e9674cdc985133b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 48 KB
18 KB 199ms
98ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ffe9f5af1f80a9ba2f3208eb78ffcc24421bdbdd2964fa9799e055091a0970f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17795
x-xss-protection: 0
server: cafe
etag: 11089304436725066277
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:24 GMT

GET
H2 200 custom.js Show response
www.theatreinchicago.com/js/ 5 KB
6 KB 187ms
187ms Script
text/javascript 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/js/custom.js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 266b00110d332a59a61f03ca966ca64c400947d3df49d9ae543738203e796268

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:24 GMT
last-modified: Tue, 01 Jun 2021 14:37:50 GMT
server: Apache
accept-ranges: bytes
etag: "15d3-5c3b549575364"
content-length: 5587
content-type: text/javascript

GET
H2 200 ui.base.css
www.theatreinchicago.com/includes/leftsearch/theme/ 260 B
457 B 563ms
562ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.base.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.all.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: a5593ee287dd4b1700d5da17311630731775218b9e980946477e185881b820dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:24 GMT
last-modified: Wed, 27 Oct 2010 13:11:00 GMT
server: Apache
etag: "104-49398f4e80100"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 260
expires: Mon, 15 May 2023 20:16:24 GMT

GET
H2 200 ui.theme.css
www.theatreinchicago.com/includes/leftsearch/theme/ 17 KB
17 KB 575ms
575ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.theme.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.all.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 35f76a9b54a670b0bf14d5b99e194e6fbbc0f0e49d3c0f68d3e3d05843c5a07c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:24 GMT
last-modified: Wed, 27 Oct 2010 13:11:00 GMT
server: Apache
etag: "421c-49398f4e80100"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 16924
expires: Mon, 15 May 2023 20:16:24 GMT

GET
H2 200 ui.core.css
www.theatreinchicago.com/includes/leftsearch/theme/ 1 KB
2 KB 157ms
157ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.core.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.base.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 2ea24df9a3e1eb05c5927721b875ac55379cb6f3ed2f89561ddd1002fa99ef2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:24 GMT
last-modified: Wed, 27 Oct 2010 13:11:00 GMT
server: Apache
etag: "548-49398f4e80100"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1352
expires: Mon, 15 May 2023 20:16:24 GMT

GET
H2 200 ui.datepicker.css
www.theatreinchicago.com/includes/leftsearch/theme/ 4 KB
4 KB 159ms
158ms Stylesheet
text/css 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.datepicker.css
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.base.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 19179e033857b424a0fa75ddd2552a90ce462c5163991dcd7df07bde205fafef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/includes/leftsearch/theme/ui.base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:24 GMT
last-modified: Wed, 27 Oct 2010 13:11:00 GMT
server: Apache
etag: "ff2-49398f4e80100"
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 4082
expires: Mon, 15 May 2023 20:16:24 GMT

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
968 B 175ms
89ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Rubik:wght@300;400;600&display=swap

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/styles/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7b9d31abe000e9fb35aaa9882c1df809cd4869ef2b0b9876d61f79941eef80fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 15 Apr 2023 20:16:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 15 Apr 2023 20:16:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 Apr 2023 20:16:24 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 77 KB
25 KB 191ms
100ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24b99e2a2567df86791e59f85f8193eb6a228d37508a7cab00fb390a6d43597e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25618
x-xss-protection: 0
server: cafe
etag: 791 / 19462 / m202304110101 / config-hash: 11787412583201714567
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:25 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 157ms
39ms Script
text/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 15 Apr 2023 20:11:05 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 320
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Sat, 15 Apr 2023 22:11:05 GMT

GET
H2 200 js Show response
static.getclicky.com/ 15 KB
6 KB 150ms
53ms Script
text/javascript 104.17.148.185
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.getclicky.com/js
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.148.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e731c3fffee43e126f68c44220752e466f3ab4ae664c9409c495ed7ca6a096ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

expires: Fri, 21 Apr 2023 15:40:51 GMT
date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 14 Apr 2023 15:40:51 GMT
server: cloudflare
age: 102934
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 7b86ddbccb04367d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-proxy-cache: HIT

GET
H2 200 arrow-down.png
www.theatreinchicago.com/styles/ 287 B
485 B 335ms
157ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/styles/arrow-down.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/styles/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 02393e6c4d1934612af95f1a84117b135af46278f78b97124eae6536bb5b20d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/styles/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Wed, 26 May 2021 12:06:46 GMT
server: Apache
etag: "11f-5c33a7a09fe7f"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 287
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 iJWKBXyIfDnIV7nBrXw.woff2
fonts.gstatic.com/s/rubik/v26/ 33 KB
34 KB 127ms
40ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Rubik:wght@300;400;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5b4655e2fac9e5887dfc63e54a5ea312f8779ad2a4316765a690c5177ef1acc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.theatreinchicago.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 10:31:37 GMT
x-content-type-options: nosniff
age: 380688
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33868
x-xss-protection: 0
last-modified: Wed, 08 Mar 2023 21:37:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Apr 2024 10:31:37 GMT

GET
H2 200 search.png
www.theatreinchicago.com/styles/ 474 B
672 B 350ms
156ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/styles/search.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/styles/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 3100d491b841fa14ff6e424f20fdf84f0c815af85644b26e333aedad86eb7b79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/styles/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Wed, 26 May 2021 12:06:48 GMT
server: Apache
etag: "1da-5c33a7a2c5b47"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 474
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/1068461150/ 2 KB
2 KB 54ms
54ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1068461150/?random=1681589784990&cv=9&fst=1681589784990&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8e066aa29c41c912d3ac4c041f10f3945663694bc05e245f2f7bfda20c726568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1419
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 calendar.png
www.theatreinchicago.com/styles/ 400 B
598 B 335ms
156ms Image
image/png 74.208.236.154
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.theatreinchicago.com/styles/calendar.png
Requested by: Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.208.236.154 Norwalk, United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 74-208-236-154.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: c928e1245a631b7a54428fe8bc128e68a0df9328a08b4caf902b01ade3922ec6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
last-modified: Wed, 26 May 2021 12:06:46 GMT
server: Apache
etag: "190-5c33a7a0fab9b"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 400
expires: Mon, 15 May 2023 20:16:25 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/1068461150/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068461150/?random=817217741&cv=9&fst=1681589784990&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&resp=GooglemKTyb...
https://www.google.com/pagead/1p-user-list/1068461150/?random=817217741&cv=9&fst=1681588800000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C512247838&...
https://www.google.de/pagead/1p-user-list/1068461150/?random=817217741&cv=9&fst=1681588800000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C512247838&u...

42 B
455 B

291ms
51ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1068461150/?random=817217741&cv=9&fst=1681588800000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=1095821672&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:25 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:25 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/1068461150/?random=817217741&cv=9&fst=1681588800000&num=1&value=0&label=FVhMCJy9-wEQ3ti9_QM&bg=666666&hl=en&guid=ON&eid=375603261%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&tiba=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&crd=&is_vtc=1&random=1095821672&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
197 B 48ms
47ms Image
image/gif 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=980061226&utmhn=www.theatreinchicago.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&utmhid=1543400883&utmr=-&utmp=%2F&utmht=1681589785148&utmac=UA-192177-2&utmcc=__utma%3D200663403.606482521.1681589785.1681589785.1681589785.1%3B%2B__utmz%3D200663403.1681589785.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1960706831&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 18 KB
3 KB 40ms
39ms Stylesheet
text/css 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 103f4d3fbc08fff41f2ddb722186887b3d8977d2a7da27e7ed0f2f5752dc339f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 755
perma-cache: HIT
cdn-storageserver: DE-167
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Tue, 11 Apr 2023 19:32:08 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 601
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"6435b5b8-464c"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: c6191e94da616b512bb17231cd1f6a31
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 111213 Show response
api.omappapi.com/v2/embed/ 20 KB
5 KB 288ms
146ms XHR
application/json 65.9.95.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/111213?d=theatreinchicago.com
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-33.prg50.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 0fec98a39e258bf2d0c18e1db83026eca6a93bb02a6b5a0a96a5841e8fdbaf61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: gzip
via: 1.1 f18b0bd4a5b62e5fb49428cc4789689e.cloudfront.net (CloudFront)
x-cache-config: 0 0
x-amz-cf-pop: PRG50-C1
x-cache-status: HIT
x-cache: Miss from cloudfront
x-optinmonster-account: 123068
x-user-agent: standard--
last-modified: Fri, 24 Dec 2021 15:43:58 GMT
server: Pagely Gateway/1.5.1
etag: W/"634f4dc2ca4952a229e8eea65cbafb44"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: HseFmUoFtzRKlnF4MfiS5yUPSsJyW47vlzesh92Z_ZCN7xQCzcRgEg==
expires: Sat, 15 Apr 2023 20:11:05 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/ 400 KB
124 KB 165ms
40ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e06787d09c0170febea7e8d6ec75107fd88e6875072fdab051f36494e4a9784c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 11:36:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31204
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126862
x-xss-protection: 0
server: cafe
etag: 16869941564567738629
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 14 Apr 2024 11:36:21 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 88 B
602 B 197ms
75ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.theatreinchicago.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92fa2c257df821f4d02c0e179b6de49863a0a47ea968344c51f70da4aa75f0ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60
x-xss-protection: 0
expires: Sat, 15 Apr 2023 20:16:25 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
260 B 136ms
47ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-5VT249Q4NT&gtm=45je34c0&_p=1543400883&cid=21846822.1681589785&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1681589785&sct=1&seg=0&dl=https%3A%2F%2Fwww.theatreinchicago.com%2F&dt=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5VT249Q4NT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:25 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 in.php Show response
in.getclicky.com/ 161 B
391 B 465ms
215ms Script
text/javascript 104.17.148.185
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://in.getclicky.com/in.php?site_id=66535313&type=pageview&href=%2F&title=Theatre%20In%20Chicago%20-%20Your%20Source%20For%20Plays%20In%20Chicago%20-%20Chicago%20Plays&res=1600x1200&lang=en-US&tz=Etc%2FUnknown&tc=&ck=1&mime=js&x=0.5864130506357683
Requested by: Host: static.getclicky.com
URL: https://static.getclicky.com/js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.148.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed085d3263a9d67c1f4e54f89c50b3755b1feeb9d70ee08fe855d630850f800e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7b86ddbfffe99a18-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 5.112e6dc7.min.js Show response
a.omappapi.com/app/js/ 16 KB
6 KB 42ms
42ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/5.112e6dc7.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: f77582bed375bcc38f36c2b1a15e9deb97f387905b0c087a77448add795cd0c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 723
perma-cache: HIT
cdn-storageserver: DE-569
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Thu, 02 Feb 2023 22:05:53 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 541
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"63dc33c1-3f86"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 9b7cc993ad2899f829828b78e5803224
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 138ms
48ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.theatreinchicago.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 140ms
51ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.theatreinchicago.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
18 KB 102ms
100ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=704775499217327&correlator=2037581948374480&eid=31073318%2C31073824%2C31073830%2C31073838&output=ldjh&gdfp_req=1&vrg=202304110101&ptt=17&impl=fif&iu_parts=113039460%2CTICLBFooter&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=1&adks=2649920363&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1681589785541&lmt=1681589785&dlt=1681589783879&idt=1611&adxs=620&adys=20&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&frm=20&vis=1&psz=750x90&msz=0x0&fws=0&ohw=0&ga_vid=606482521.1681589785&ga_sid=1681589785&ga_hid=1543400883&ga_fc=true&ga_cid=21846822.1681589785&ga_wpids=UA-192177-2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc135e2646aa48c5ffe889bbf1ea3dd0a6073cb6a3666b2d92415bd391678eb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17777
x-xss-protection: 0
google-lineitem-id: 6273731696
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138429227898
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
18 KB 107ms
105ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=704775499217327&correlator=2037581948374480&eid=31073318%2C31073824%2C31073830%2C31073838&output=ldjh&gdfp_req=1&vrg=202304110101&ptt=17&impl=fif&iu_parts=113039460%2CTICmobile320x50&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&ifi=2&adks=1867916015&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1681589785549&lmt=1681589785&dlt=1681589783879&idt=1611&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&frm=20&vis=1&psz=0x0&msz=0x-1&fws=128&ohw=0&ga_vid=606482521.1681589785&ga_sid=1681589785&ga_hid=1543400883&ga_fc=true&ga_cid=21846822.1681589785&ga_wpids=UA-192177-2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f13f1b0c4ad2befcc9c5a606098f2c676dd386b82434c9e7048e336bacb94482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17664
x-xss-protection: 0
google-lineitem-id: 6273262795
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138429230927
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
18 KB 1695ms
1693ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=704775499217327&correlator=2037581948374480&eid=31073318%2C31073824%2C31073830%2C31073838&output=ldjh&gdfp_req=1&vrg=202304110101&ptt=17&impl=fif&iu_parts=113039460%2CTICleftcolumn&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=3&adks=3804964394&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1681589785552&lmt=1681589785&dlt=1681589783879&idt=1611&adxs=230&adys=692&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&frm=20&vis=1&psz=165x620&msz=160x0&fws=0&ohw=0&ga_vid=606482521.1681589785&ga_sid=1681589785&ga_hid=1543400883&ga_fc=true&ga_cid=21846822.1681589785&ga_wpids=UA-192177-2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2f3ef5fdaaa2e03483204b37e359c816a4845ad701a5b646464c3b15050a54a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17591
x-xss-protection: 0
google-lineitem-id: 6271381641
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138429259887
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
9 KB 1689ms
1688ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=704775499217327&correlator=2037581948374480&eid=31073318%2C31073824%2C31073830%2C31073838&output=ldjh&gdfp_req=1&vrg=202304110101&ptt=17&impl=fif&iu_parts=113039460%2CTICrightbottomfour&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=4&adks=2864252215&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1681589785554&lmt=1681589785&dlt=1681589783879&idt=1611&adxs=230&adys=712&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&frm=20&vis=1&psz=165x620&msz=160x-1&fws=0&ohw=0&ga_vid=606482521.1681589785&ga_sid=1681589785&ga_hid=1543400883&ga_fc=true&ga_cid=21846822.1681589785&ga_wpids=UA-192177-2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b7ba61576b256d85f2eb4778ff2b773a85e79e5a3d53e2fd380fdc9afde9e7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8889
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
18 KB 98ms
97ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=704775499217327&correlator=2037581948374480&eid=31073318%2C31073824%2C31073830%2C31073838&output=ldjh&gdfp_req=1&vrg=202304110101&ptt=17&impl=fif&iu_parts=113039460%2CTICrightuppercolumn&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=5&adks=695397921&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1681589785555&lmt=1681589785&dlt=1681589783879&idt=1611&adxs=1205&adys=204&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&frm=20&vis=1&psz=165x1250&msz=160x-1&fws=0&ohw=0&ga_vid=606482521.1681589785&ga_sid=1681589785&ga_hid=1543400883&ga_fc=true&ga_cid=21846822.1681589785&ga_wpids=UA-192177-2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0108b8a2b607c155d0ee58a84f9e6b516c8507cf4a658980eae10043d0667f82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17740
x-xss-protection: 0
google-lineitem-id: 6271249173
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138429227205
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
11 KB 780ms
779ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=704775499217327&correlator=2037581948374480&eid=31073318%2C31073824%2C31073830%2C31073838&output=ldjh&gdfp_req=1&vrg=202304110101&ptt=17&impl=fif&iu_parts=113039460%2CTICrightbottomcolumn&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=6&adks=2844659701&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1681589785556&lmt=1681589785&dlt=1681589783879&idt=1611&adxs=1205&adys=824&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&frm=20&vis=1&psz=165x650&msz=165x0&fws=0&ohw=0&ga_vid=606482521.1681589785&ga_sid=1681589785&ga_hid=1543400883&ga_fc=true&ga_cid=21846822.1681589785&ga_wpids=UA-192177-2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6800a1517c5b1d21989025f70a5403ff01ddb14e32805c1bea33e71e578096b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11270
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
18 KB 112ms
111ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=704775499217327&correlator=2037581948374480&eid=31073318%2C31073824%2C31073830%2C31073838&output=ldjh&gdfp_req=1&vrg=202304110101&ptt=17&impl=fif&iu_parts=113039460%2CTICsscreated&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&ifi=7&adks=1926913503&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1681589785558&lmt=1681589785&dlt=1681589783879&idt=1611&adxs=1205&adys=854&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&frm=20&vis=1&psz=165x650&msz=160x-1&fws=0&ohw=0&ga_vid=606482521.1681589785&ga_sid=1681589785&ga_hid=1543400883&ga_fc=true&ga_cid=21846822.1681589785&ga_wpids=UA-192177-2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe478891e3324449c9e35417d902b8d894eaf628103718cac2d5b2f0ce4596c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17643
x-xss-protection: 0
google-lineitem-id: 6273975554
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138429918643
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
18 KB 91ms
90ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=704775499217327&correlator=2037581948374480&eid=31073318%2C31073824%2C31073830%2C31073838&output=ldjh&gdfp_req=1&vrg=202304110101&ptt=17&impl=fif&iu_parts=113039460%2CTICLBHeader&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=8&adks=2712950716&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1681589785560&lmt=1681589785&dlt=1681589783879&idt=1611&adxs=230&adys=2033&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&frm=20&vis=1&psz=1140x0&msz=1140x0&fws=0&ohw=0&ga_vid=606482521.1681589785&ga_sid=1681589785&ga_hid=1543400883&ga_fc=true&ga_cid=21846822.1681589785&ga_wpids=UA-192177-2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4deaa32a7f20ab9d549968a8e5b90fce0e6a41cde8759aa1a83db16c98b7cd4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17622
x-xss-protection: 0
google-lineitem-id: 6273872060
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138429260112
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
18 KB 786ms
785ms XHR
text/plain 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=704775499217327&correlator=2037581948374480&eid=31073318%2C31073824%2C31073830%2C31073838&output=ldjh&gdfp_req=1&vrg=202304110101&ptt=17&impl=fif&iu_parts=113039460%2CTICmobileFooter320x50&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&ifi=9&adks=4156452066&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1681589785561&lmt=1681589785&dlt=1681589783879&idt=1611&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.theatreinchicago.com%2F&frm=20&vis=1&psz=1140x0&msz=0x0&fws=128&ohw=0&ga_vid=606482521.1681589785&ga_sid=1681589785&ga_hid=1543400883&ga_fc=true&ga_cid=21846822.1681589785&ga_wpids=UA-192177-2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a602822828a6abe77d97c2f186de73c937825db3513646072a9a7423cbafb6a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17747
x-xss-protection: 0
google-lineitem-id: 6273119923
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138429876427
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.theatreinchicago.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0CDE 6 KB
3 KB 167ms
49ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theatreinchicago.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 20:16:25 GMT
expires: Sun, 14 Apr 2024 20:16:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 webfont.js Show response
a.omappapi.com/app/js/webfont/1.5.18/ 16 KB
7 KB 47ms
45ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 1053
perma-cache: HIT
cdn-storageserver: DE-572
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Fri, 05 Aug 2022 15:30:54 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 419
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"62ed37ae-40cb"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: c4679824cb9e1bed83941832ae27bed7
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.a7e57602.min.js Show response
a.omappapi.com/app/js/ 41 KB
13 KB 54ms
54ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/4.a7e57602.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 9521e9248df7d8a4bbe9c8052f273014560517a37e1aab0da71b61467d43922c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-573
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Wed, 29 Mar 2023 18:39:34 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 578
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"642485e6-a575"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 6e46a0d4ac236fbc25e17dda2d98bf09
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.30441cf4.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 45ms
43ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/21.30441cf4.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 1b7c72c344628a34a182360ce440015c963b40f8f06b85095800f5791217c629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 1049
perma-cache: HIT
cdn-storageserver: DE-567
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Wed, 14 Dec 2022 16:27:27 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 301
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"6399f96f-c92"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: ddb8f2f43bb1c41d8b7599ad22ee2aa9
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 20.e40ad1db.min.js Show response
a.omappapi.com/app/js/ 4 KB
2 KB 41ms
39ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/20.e40ad1db.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 8df63939e87e03d5f16d0890511315ab0aa86bf66e64dfffb9d637b1d4c85741

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 864
perma-cache: HIT
cdn-storageserver: DE-566
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Wed, 25 Jan 2023 19:58:01 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 306
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"63d189c9-ee0"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: c376fd32c0197e9d5141712b015409f7
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 28.37593e59.min.js Show response
a.omappapi.com/app/js/ 6 KB
3 KB 57ms
54ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/28.37593e59.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: d08aa5fe6131891425c044dd702f43f2ecf647100e35173a102fe03fe49b0270

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 863
perma-cache: HIT
cdn-storageserver: DE-167
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Wed, 14 Dec 2022 16:27:28 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 335
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"6399f970-1761"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 5416b37f698f3f11e6a6f775517137e1
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 34.01aeaad3.min.js Show response
a.omappapi.com/app/js/ 8 KB
3 KB 57ms
54ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/34.01aeaad3.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 0cf67a42bb48fba065918fca80854ed3117be8fe739d0b19492331f529e868d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 1078
perma-cache: HIT
cdn-storageserver: DE-573
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Wed, 14 Dec 2022 16:27:29 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 336
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"6399f971-203b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 3e5a3992844797b9555c96b9e23c0fd4
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.70f770b5.min.js Show response
a.omappapi.com/app/js/ 20 KB
7 KB 46ms
44ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/10.70f770b5.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: ef6d64d5a48a5bb376669ef86426e511b9d6d13b461d48b9b850c29fa107c77f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 1047
perma-cache: HIT
cdn-storageserver: DE-164
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Tue, 21 Feb 2023 15:28:32 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 566
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"63f4e320-4ea5"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 58d83686a0ebfbbdb9ee9b00e84ad740
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.d1b2acf1.min.js Show response
a.omappapi.com/app/js/ 7 KB
3 KB 47ms
45ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/0.d1b2acf1.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 0b22415e4dbc33efb82827aec6c16cc04b481b84ba903d19c76543dc671f939b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 722
perma-cache: HIT
cdn-storageserver: DE-572
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Tue, 11 Apr 2023 19:29:31 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 597
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"6435b51b-1afd"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: f0681d017f6f7ddeec5c1e078f55c167
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 9.4e528b17.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 49ms
47ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/9.4e528b17.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: f678e256584e843feb8b927123eac8bbd5d98c4906eb713edcd04105ff063259

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 1048
perma-cache: HIT
cdn-storageserver: DE-573
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Wed, 14 Dec 2022 16:27:24 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 420
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"6399f96c-687"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 2ed34893e766e0c7edbc4b6da36ee19b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 11.eec3051a.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 52ms
51ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/11.eec3051a.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 26d9b6c44230968d81776300834750358ab5bdf35e7239385af3d503a4b584ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 755
perma-cache: HIT
cdn-storageserver: DE-164
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Wed, 25 Jan 2023 19:58:12 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 146
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"63d189d4-7cb"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 557d18d89a0bcd9ec05d3c41f9dc09cf
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 29.3ede5745.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 51ms
50ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/29.3ede5745.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 9b9030ba856ef3a2628973bbd256c5d8d42f92f8685c87998a3d8d4e3e35f4bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-167
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Wed, 25 Jan 2023 19:58:03 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 520
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"63d189cb-ade"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: c341dbee2cc433b4f5d45c64a89664b1
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 27.36eab21e.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 54ms
53ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/27.36eab21e.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: daa80cefbd2fdeeb84087c2dc6addc813e460e2f1529ec56f52ee56f152e3ed9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 1077
perma-cache: HIT
cdn-storageserver: DE-51
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Wed, 25 Jan 2023 19:58:05 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 525
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"63d189cd-4f4"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: d2e7cfbe4530d9e6385e3b9247577909
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 16.ee4b7ea4.min.js Show response
a.omappapi.com/app/js/ 855 B
1 KB 75ms
75ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/16.ee4b7ea4.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 31d7ec8dcd3d069ea9f87486f661754c6b51a44e1cb994a8b19352a02572cf41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 722
perma-cache: HIT
cdn-storageserver: DE-165
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Wed, 14 Dec 2022 16:27:26 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 420
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"6399f96e-357"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 56203ff0c7b7b1e0193b3936fe4ccc0b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 1.f5bdb602.min.js Show response
a.omappapi.com/app/js/ 6 KB
3 KB 79ms
79ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/1.f5bdb602.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 50d992dc35a3974d78fa1ade515401c4abfb683e9b61fb255e9ae9633517a41a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 864
perma-cache: HIT
cdn-storageserver: DE-570
cdn-cachedat: 04/14/2023 12:05:42
cdn-pullzone: 293267
last-modified: Wed, 25 Jan 2023 19:58:05 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 494
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"63d189cd-171e"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: e909413394513518ecfd166fdb5fc095
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.3cb73615.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 80ms
79ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/22.3cb73615.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 157acb48f0d2c4dc8d0b950af08fcf796e986d66d462f8face3d2244fb5eda18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-569
cdn-cachedat: 04/14/2023 12:05:39
cdn-pullzone: 293267
last-modified: Wed, 14 Dec 2022 16:27:29 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 196
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"6399f971-616"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 3a263fb4f5588dfb53180588a209d204
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7308 0
0 78ms
78ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssp506DFTZ3_B8Skyawq5nmuQdXhvtY-2PUA8-sV6oOX7y333YZtKquQRHAMLUvngGyaIfXtHJThWnufSeJocDE3p7du__4J5AkDXia7B1Byq7zhwGrVqfaz1F9dawaJWiqaKgfKm44-jOFd74at2Fftdud4Nz0H1QaLmYXLG9APvnBK2g9DE7ATZfJ4fhSHTeoTDP0UUZhyTerbFjGGHLxGb6u8JnMcc14Z48tnljSoPi5q9Ojg0okZV5SquLhKTGoklKKn5ObnKO9b8u8iVhHMn8dC8XtZ_OilvYXlDMxHWgj4wNK4vDHo9j5vvJTdTyBpi-JFI2LUapYeUZaTC479u24mg&sai=AMfl-YQ0xoBYbcD-s21yxn3xjoqngafUy4rt6B82pUkQrigPCwxTJKuLNtIgmz_UYHJUAFYnfEqFqeClluqsNpXThWi6Ikmn6wsgq9ec3eVVdU2xKADxMyQSkXxGc9E0IQ&sig=Cg0ArKJSzA1BYlAbATCxEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame 7308 22 KB
9 KB 132ms
39ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40612
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 08:59:33 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame 7308 3 KB
1 KB 294ms
201ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 09:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38359
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 09:37:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7308 0
0 50ms
48ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSeSUO2HNuDR8EekCCZJZItOThSdVlqrtXxwtnGAvQ18GN58h1GxNi3RRSmkRvcW0HThLWgKKWCiW95Zh7PB9MA1tVyNg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7308 159 KB
49 KB 54ms
52ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:25 GMT

GET
H2 200 8955317261046323419
tpc.googlesyndication.com/simgad/ Frame 7308 57 KB
57 KB 180ms
89ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8955317261046323419

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05847241ff210a75bee1d753219f23a43d629400251b3c73e5dd410a3953e199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58303
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 21:45:37 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 14 Apr 2024 20:16:25 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 462A 0
0 78ms
77ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv9_aM6u0dlXfM44Pq9CTmJY1JCaAgcT74F7wg932wY4dRmwA_rqRDGxi4WqW9dFqcdnv8gF6ixXMewj8bYtJUOPHVXSK77XUgPkYGV-BGjm0BZh4ocQ7QUFtoWGv6O_mfxvwRdYvMUWGPPTTkVwXqn4ecKFpxbEnX1ai25HZ6sd_9GGpQEqocydeDu9k6XCaI-1a1C-G8xJUeN7i83-IAuBe2a-DsyDUtf1OX3q4kw7rSY85CVYym1yHMtxMMYMcFvlIKRgg0u0cOS4QGALPSehB1FGBIyEUEA2pJP4Xzo27bqaACwFJ0CyzhzD_oxMGwlvWxGrFDMEidslTJmp8y3XBoIidEQ6mQBXekssw&sai=AMfl-YQIsyUcw6uJUHlbOI8wK2lrswBrtjP8tZmFVk97QCfEkyVwMV-MEBJwVwvwAvHgHAWQu_LqxYMqMzjgbcDrQmGbYKsnEYTqtd-w1DNHXYK6EtKkNoRHBdzs4f2zzw&sig=Cg0ArKJSzCCqeSeCBg7AEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame 462A 22 KB
9 KB 128ms
47ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40612
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 08:59:33 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame 462A 3 KB
1 KB 169ms
88ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 09:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38359
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 09:37:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 462A 0
0 51ms
49ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRCKiOAhu1zloTgESdNx4xHpe_1mrCNPZ46CO367l0n0xiSHdZGa2mmA8UOGDV_KdzWyLJXmi5ztajvWtdiwHvfLtjUhg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 462A 159 KB
49 KB 70ms
68ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:25 GMT

GET
H2 200 17249513324024073627
tpc.googlesyndication.com/simgad/ Frame 462A 59 KB
59 KB 196ms
116ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17249513324024073627

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24d1767063307d54c7ae4f49b9d0f14d5c612648299e632eb5965dcf7769ce4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60734
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 17:46:48 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 14 Apr 2024 20:16:25 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame FB12 0
0 79ms
78ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuUyJ3f5CxO1TITdKArQGLVkOhNpPi1IgFRbbywq-lT_gFhagw9W8i6RJBpmEJYM3bGLfwr_aOIjKsIxXAo-Jc34wpkKYWeVTs2h7KTaZtkpKdrWuJtpjM_0X8OlbO911nTb3fcoahJ90OAweZZQjxkRNykdJioXvwgLuHKWblYMBvDu5PO135MH31N8u3iRbTRMjUd-0129PiU5nRzeNoI-OOgFHs--NyPITz2FqhnFNUZxd3cdhYuAumqOycZb9svGRm7MyV2gpbnZzSWJzVrB6fJb2HZzCniT14iTyCgMfQnlBdQZPZ479yQS-LsZH89BWLl9vnuRceNxxnySradU_mSmQ&sai=AMfl-YSTfKNUnbuUm-6l19j24C45qS3h1MTmWqH_Nx5v7UfFAgK3Ie9cvA_bcCkwFG9j0cyjbxDkmJHRp3wlrBdB7kTRJdFrpuLqCLklqHtL8a93FUl4VwD-v1a8dpxyCrI&sig=Cg0ArKJSzFcIjuv_TivAEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame FB12 22 KB
9 KB 77ms
51ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40612
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 08:59:33 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame FB12 3 KB
1 KB 177ms
174ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 09:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38359
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 09:37:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FB12 0
0 49ms
48ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQJ4ReiecwggTwryZcLapvBjyiI53B-H2hfQyU3Tguo0QQocOdhKWL34R4wwiBrNK3NzsC2Apevtt2lXqFLmyiaH8d5Xg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FB12 159 KB
49 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:25 GMT

GET
H2 200 1463790918436539788
tpc.googlesyndication.com/simgad/ Frame FB12 84 KB
84 KB 168ms
146ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1463790918436539788

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

379d1c87f97cd7ef6e179508c9048cdf65c5458e1d4528efab7c0a0b86bfec19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85538
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 17:48:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 14 Apr 2024 20:16:25 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D8E1 0
0 77ms
77ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstfDr4HLIYmRkApP-TDK_mU-wJUSVEZCDnFoVamYcU5BxjbUHDJgG8WFUIpsShwQAJF5oE8yg64C1jcN-a29KJdWaArRa4k__XIk0XIPV4vvIzYqg8T2_pAoLxUtCr3jDsEOy-d4vBTIgmjP5vDWPV0rcu_8YqleN56SoRwyQTFMfR6jJu0UvlnIoR0umtYV1TzIDEh2753ro5X_KpxWMXPaeVLCoZmCUfx5_S4DvWcg9CqA_-4bV5CgyCjkPBBiRuSMSdcP5vDXHpF8UEDmgOycnALTTt4pQaMBpmG7aa3LCR4XEGdmx2EbroJ3hrm_s8Ui5kjQdjRN1JF4Yf97JnTUb1efGYw4OQ&sai=AMfl-YRTijQu1Q8MkgB0-MBj3SHe5hl4InM7_aS8DCixIzcq5pbmy05kyLSB70Yv4u70yr-3Migl2ylGaIBAvwRIcNzJvy6suxAUU3q9La6bGYW2AHtWM770fsgcao5sSA&sig=Cg0ArKJSzMoakHU7zKnMEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame D8E1 22 KB
9 KB 89ms
81ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40612
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 08:59:33 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame D8E1 3 KB
1 KB 177ms
175ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 09:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38359
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 09:37:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame D8E1 0
0 48ms
47ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQP7XJYeJYnVvDWe9VnDmE-ulBlHeLHlaOGlWcyRxJRcxyiwV0VYeol_AyqwCEjTfwP3OhDHilqDjFv_f7MXJrRA6jcVg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D8E1 159 KB
49 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:25 GMT

GET
H2 200 4739136614766945448
tpc.googlesyndication.com/simgad/ Frame D8E1 19 KB
19 KB 178ms
175ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4739136614766945448

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf6f95ec82703a1d6bf735c74dbf7fafe73a246b8cbad6bdf8f2b24f454b4688

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19114
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 21:47:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 14 Apr 2024 20:16:25 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2B61 0
0 78ms
77ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssPgUDt51_bW_ZvJ1ms8mD7MM9EKDgl55CequfIXuwh2NrscsrltS8ZDmo2uCbV4YhYTFci5ZK1YtAd8vQWJXW6CFRTAco6dliA4wH5QL31WnS3_WXSGyCLpFqxn6BlZROPrv8MJvFwajR46LSqDnZ5N_kRMSiWiVRVRflfDt9hJCYwqhFEek8g-lWsjS-vqNd4zqVtLcrIltVkoo-kC88UXcsTQO0UY7aMAWGca7d3P6WEsJv0_BkYVYr_p6fvWpy-zXQuey3xlzpCO-U2VwB_OwTbJi2nJZZiVUnDjGHaDjm785ugkup5RCFkeVksGw6apn6GFhopySimgSyRtQumUEolTaGsu2U&sai=AMfl-YTbN5Cwh0p8qCXuCzvFY3FpEGzfl4PdAFoUTDh-Wxhh_D6zgHAyJrsx5nqqm96YW3vTWjOfKwAhu2TJOa2MgD0yUMJnKtYSkIyvJbscEl-RLxc6EViO5yWCWFQhRw&sig=Cg0ArKJSzKBNYdgeDsyvEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame 2B61 22 KB
9 KB 174ms
173ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40612
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 08:59:33 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame 2B61 3 KB
1 KB 194ms
194ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 09:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38359
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 09:37:06 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2B61 0
0 47ms
47ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRVCam9Q-G_C4DkAqSqbODh75usYsp3MEVOQk0EMjtWPiGRBEg_VRU3FX1WdyMOmgxc4M0aLBBf1ElCAhe-4jFLfEpU7Q
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2B61 159 KB
49 KB 79ms
78ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:25 GMT

GET
H2 200 17747988202045652021
tpc.googlesyndication.com/simgad/ Frame 2B61 89 KB
90 KB 175ms
175ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17747988202045652021

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb7ff7e94545aa1040e144c21c3a1a8de87c62f77e009dbd36ec6fba0855e0e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 14:22:50 GMT
x-content-type-options: nosniff
age: 107615
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91608
x-xss-protection: 0
last-modified: Wed, 12 Apr 2023 01:35:21 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 13 Apr 2024 14:22:50 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
581 B 50ms
49ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:400,600,300

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

361e2a7c1190c0a950cf5b2885d72b6794215b7e3bafb6e5dc36aea2baaae68e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 15 Apr 2023 20:16:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 Apr 2023 20:16:25 GMT

GET
H2 200 font-awesome.css
a.omappapi.com/app/js/font-awesome/4.7.0/css/ 37 KB
8 KB 40ms
39ms Stylesheet
text/css 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/font-awesome/4.7.0/css/font-awesome.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1078:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1078 /
Resource Hash: 36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
content-encoding: br
cdn-edgestorageid: 874
perma-cache: HIT
cdn-storageserver: DE-164
cdn-cachedat: 04/14/2023 12:05:41
cdn-pullzone: 293267
last-modified: Fri, 05 Aug 2022 15:30:53 GMT
server: BunnyCDN-DE1-1078
cdn-fileserver: 419
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"62ed37ad-9226"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: a3161d38bc3406cdbd5f504e89e4549e
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ Frame 7308 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0acbc6bb0d564bfca20f76982415e529e5a662ce032154d19325d6533ea2420

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 462A 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 938e90a2d75092c915eb2e8b5d516cbcc470cac05bd0ad9ec8217df0d3b939ed

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame FB12 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7f25ce329ecc549b36303027e3d16492524b1e19d0357c07b157d94d961f125

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 51ms
48ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,600,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.theatreinchicago.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 12:41:52 GMT
x-content-type-options: nosniff
age: 113673
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Apr 2024 12:41:52 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 48ms
45ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,600,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.theatreinchicago.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 14:06:56 GMT
x-content-type-options: nosniff
age: 108569
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Apr 2024 14:06:56 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 42ms
40ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,600,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.theatreinchicago.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 10:31:16 GMT
x-content-type-options: nosniff
age: 380709
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Apr 2024 10:31:16 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7308 0
0 77ms
77ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuX1D6Gr_aPVAHxjoYvtDqBjmA2XxgpJxi9c9tZk17RJjBkkysLZ7kDISK2PJRglLth0Z_fGRLlRIfMRLSj-J9ebH0k9E6QWe1yon_h5sC45elNlCKy4jrlXZzsolFGDGYyjQK6nNGEoHwrPvNA1r-7tElQHsIWyBeQV1vzLyU9_fRha43Eztux86wMSVWdYnQoNevxahQKISMvEFbxcXYKorzUNtyBwltYJ1FjkzDykUXFa5NQllj0FcxaI4mnOlfNceDjT9o0-rHkak0KHIfpe4ROCaMCv1Jaz586zSCYNIboMDIsqNZ29Dp4VEPnnr1n7WvoRj4Cqg&sai=AMfl-YR_IRwybk7YkW7-NKW7roI-E6gN9aTcyM2633qWzFD_K4jzRfr4DgV3zxqfdvaioCWqX6sZH98GTRHN6PwebMioj8VGvnk5zC5FXTTGqm5m5QX36v4RSrts7HHwyg&sig=Cg0ArKJSzH84FAWA3OXOEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 20:16:25 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 462A 0
0 76ms
76ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvZlrshEmufG8oqMFsnugIb8PbwZNwc4AQA3Yr_4T4BGux4KbGzy0xdnsiS2eivukF7U8jLaQc0xp-AAqkXm8-KxSmy0ICiTCRAOdX6ouSs6ZDFjJYT-xdkIcFhLfY77H7y70o7wTopajd1sLdC9uQYJuOFKe3AKlt0K7ojlBbdmbuD6X5fEdKXDsSJ2aqU8_F7zGBr52qB65Hc-WxRnujLwt_glIpNBkiVh7L6iXswKiFitW4e_QwYvLv3lKBIZvS6FWAAQFLjlxOPUq6rEAy2zHs7OLD_t16OfDKSAF43IRIarN6fAnvYUWoudiNxHsF9NOySgzFm-y76o7lxmoDs-Q&sai=AMfl-YQXCrw9Jt0rBhE_mFjeyhBK5RZ0Zj9P4UEqTXqWp5mzRPA0RW1NR0ZrSwf3TE9Z0PuaUzs3wws39oCI21F7he4jFk11Akb3bxSeHktbxRPFhCJZq9tJys2tVPFgbw&sig=Cg0ArKJSzMXULFR7BWaSEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 20:16:25 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame FB12 0
0 77ms
77ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssRJwJMqmAwK-Ho8IZSkjSW8yC1k7EHvR0FZ9qltkgsc8_ldVYPPJWVJQsl0aXaaLjhilzacIeaYYBYRjmzqyxQzQODnqmEpBdUSqAttvUBXAtvbNn3NX29GbAC9c_-TiHnIyUQtw5YAxAgChUoe8sgHGP6X1-feFiq8X3TKWDRi2g7EHfZOEqxwpWAqxSTHrVBAd4Ls_VnHeKdAWuJWMU9IguBEfs75O1ZcLZ7K3vs4XDaSmfabTxXc58CWDfTer5Ak6BJ_3yVSO3TiFEo57MXjvx3Sg07DkXSjaxiTSqfYh6_UMNO6QaCBQYYCztqOvFB0eCSVT1s5w&sai=AMfl-YSr_y76FC2oSYuXZ5byyfw5ivRsduvW2P2rJS5CcN1Vm4wtXrEBJO9vHoOPSzludfqP8JJuv-Fkg4i9yOSxIcVCqYQtlv2p3UFn1jg5r2I2ak3P-sCHogah67jkVMU&sig=Cg0ArKJSzAjQbsQQf0-PEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 20:16:26 GMT

GET
DATA 200
OK truncated
/ Frame 2B61 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a37c3b42cf2dc99fb8bc0b8ba1c9f78f80791827b98e8ae102ffe5a7fcd7b8f7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2B61 0
0 77ms
76ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss4pQ1ijNRvWyV4WR2jmqc1CU88PPB86W93kPCxw5Kiy0tI7rzzYPrAUgwTwsc7WORD2cseD7hDI6mKwzV_LYJ1dvPxbPVz1dzgKDy8b2Lkv6_rENpqANsgjpgcbpGRCifFKQOH_Q1HJmPht1rxDgXgvjIB3iGqEw81Og4dX-B7Uf-ZWJ7fxBDBEmQzUAdGHJF_EWKpHskgaPpEmSQwf-jb6AOJQVbhfU2NVqsizJJIYTgw-Nl8tigoGpQQUQUyqpaR0g_pnpNBHKHxji2_MsxySCXv-KlYC0Cr9a7yEwYcq_U8B0uReFJhia2UJhGNQOPO1Vnj3eCJnuikKFE&sai=AMfl-YS1MvKPA2J-AOvfK-rlRIdwZL4_wRLyVvmCrZ4-afgoIi05aiEU3hCpK8oi1rOWhtkJmSf84uulvgGZP1FCYite_wtNDIYSeG_6HNnuYws0qiQSMBHDZQhTbCXCkg&sig=Cg0ArKJSzJoFUPpIxhEaEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 20:16:26 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame D8E1 0
0 76ms
76ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst7aMenlY7WZUWoEmvffgPHkvNSfGaSRhNjAIhUHZ7VYMTsc-T3LYmbshSXOj_xn3UbCMyigCJawZ_goBDwH-KSK34qXgaLUS3O38TkbIHln7wyZzP9iepuKmR19BeHd5-llXI6n_XZivZMVa_TDZdyoD7pekwFpPuWrhk6r79jDv2n3jKceRZymQKHZ4PMBHjcIbwsLTX7P79wnepr05M8hhUcOMj7jw21vSFjt98Q7x9oaP4GZIHIzkdqFTjl4aJIlFc3d0I4P8AQVzdyTQOfM44aiIzpCHBRJLoXnzKuo5GYQVW8iZEG-b5zc8KRegq3SLlXFVNAFgO4r2c&sai=AMfl-YTbzfofYe_7lgIieNPAbeXNkERjIeLu3R2CkAerOZDQKoY0PUsaG9cpTfwrEPHC5sPniI3EDgj8mOwhoVcCM_HvmSYy_9E5OAZ-AYpRe0gya9wPQBP8vY9-cI_z3g&sig=Cg0ArKJSzHUqelrefK2cEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 20:16:26 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 178ms
90ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202304110101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a886b38e83029773dd01967838f7e269c133e8199541d7f1fbb86ac39d2ace5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11273
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 20:16:26 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 36A7 13 KB
5 KB 41ms
39ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theatreinchicago.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 9556
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 17:37:10 GMT
expires: Sun, 14 Apr 2024 17:37:10 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 75FE 783 B
533 B 51ms
50ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

08ff793f9402d67c66130ce6fd15a16b7201f2fc579f344d5bf63a93710643cf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--hPsSCSowsFTb2ZKo7iMNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.theatreinchicago.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce--hPsSCSowsFTb2ZKo7iMNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 20:16:26 GMT
expires: Sat, 15 Apr 2023 20:16:26 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 container.html Show response
3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A049 6 KB
3 KB 42ms
41ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theatreinchicago.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 20:16:25 GMT
expires: Sun, 14 Apr 2024 20:16:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 93B4 0
0 78ms
78ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstF2znf4i6DJQG2np_SA9NqqLU1HHZw-zgO8U3U-GyY66WmAQUztWNuZSykCcaIdRmsO7M0wQ5DfmdideOH_1tsDop4ZNixZY8FxU-OYDWl_JwMapG8ypFmzt005UrhOCoNwRY7EojRdN8f6-PelXQ3lMY_yjgDumOboLOsnXt9Mc_iC9gVpU2zVbgHhrSpH4CF4JUII6ZwM22Sd4_ikDJ-qc5ElYFfkAA6MGp4oIsGLD8l_H4bS_9AdDWksAVZRI5qSzYT7LcPOZmsGgNrMP0_kqph0YIKzv9GJc_D4DEYadt0OOQx0jMCL3eqNAEAS0PM4L2SFdI151R5F05WA0xXaXKqKBVYn1aROKRluk0&sai=AMfl-YT16esOV1hkRTpvdBxzKEK8s-3e4uhMtHc20yCEcY8lOH2KaI5oYnj2oXPdNDwKxl24ldmzcC9EpAaEE0CVHqjPWkyDLmLCDKdZhIO_RbGd2hwghbCHUNqLjxblt_o&sig=Cg0ArKJSzBj9dXScAQIrEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame 93B4 22 KB
9 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40613
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 08:59:33 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame 93B4 3 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 09:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38360
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 09:37:06 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 93B4 0
0 47ms
47ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ0mhIKaL8a0O0QfVz3vVLhRfhHWsJAuvNCwYJDaguwADAeLnria9fx14FLz_wOVJ1avh9OTXqYismAbYgvX5wD1IzAlg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 93B4 159 KB
49 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:26 GMT

GET
H3 200 18119310504454679371
tpc.googlesyndication.com/simgad/ Frame 93B4 25 KB
25 KB 51ms
51ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18119310504454679371

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5624d259af4072b555b675e012182fb05bab0132a19a7a9dc3a1f129bd734ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25422
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 17:50:07 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 14 Apr 2024 20:16:26 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 75FE 0
0 157ms
75ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202304110101&jk=704775499217327&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H3 200 bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js Show response
pagead2.googlesyndication.com/bg/ Frame 36A7 36 KB
14 KB 121ms
41ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ec74085fc1675967497029f672a2da0a31815bc6792fd36c4da8086d1b20133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 10:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36403
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14296
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 14 Apr 2024 10:09:43 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 93B4 0
0 77ms
77ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstSI2P9wU8yzF43tIpWNe4MbA1Upu4iPJQ5AOuVjyFYR3PVZ9qWH5HIQNKhXEG20ZuzgsLVSTRy9RtNHlo_Wry2BApoNZrnTxYukgwfVqI3GTlHQE0oGRfoW-TlAY3zBAclFGAIYp842210gkQuOkeQLPcJITchDMalwFaJuGlF-GdpBF1YH5nR1yqtqc0o3VfqdTq4iGhElOPQCBdVTadPwahtebymHYZQxYn2j93S_LjK-DTRomoptLXUlGdEuMnbpSKeN_E9n28Pw9jeMt90UM1w0ciKDHI4viIRy17ig769sSfGATpEzebk5Q4IotfoatILtAK-IXY_cOdAgzRURD8&sai=AMfl-YRXDTQISTFBKPkCB9NODSD0Lhxha2PEDxuioq1SPoC06W72fcOauDNYC-yi_wro5XC9hCNQq_pxs-T0VuIlNZIFSrINZOg17q67nbcII0dv4jG5jsyH2eVsjE0C-No&sig=Cg0ArKJSzG5p-piFQnm2EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 20:16:26 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A99B 624 B
310 B 84ms
81ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY_oro4gEwAQ&v=APEucNVPWHVt0ZynzDljX8QbfVVUKVydE2B6hmfCAwi61gN5XmMyyieTJQw_mdaYedFBdSnYyT6yJrwaA67hJBTljYPveUNVACyZXRmhS-YR6kWQ90Y2QYfV37XG9QtWadOkmbwmOo4W5uNOMnIKeqTVuNf2FezoTmyESGNceTgaLnSz6TclNp4

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 20:16:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A049 78 KB
27 KB 150ms
120ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:26 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A049 42 B
63 B 104ms
74ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AC3dC_w5A3_SVNznkO2lUdYRxU72neFOm9BrOS7kGOlYXFODXntbh7069TmOadaRKTp5AixEWXkAYx_CgeUJeejm_p4OPps24WSz_7OMV9x95MlyM

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A049 0
20 B 104ms
75ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4073998799587737250&x=1&ct=76

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1352960/70224241/xbbe/creative/ Frame A049 251 KB
76 KB 183ms
57ms Script
application/javascript 54.72.1.207
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1352960/70224241/xbbe/creative/adj?p=APEucNUEnxclthYSwv2zNqzSHh_CbpzW096FUtfDt1bmn6IyO2bfHso&d=CokBAKAmf-DiQDcFi8Xdd4grUBgRqIgCIMR5SncJjGrGCmoX9YI_tLacWwSBb9m4TtTbX4Zfp2uoPdjSUAt8MkYo1zGzk-fXxTZiKC4q5Tj0Y9V68hvkqx7GQORbqVYKbd0jm9EKnMxI9IxRTi-eGm7Na18K9TVXHWfA6BWHJ5nLeZG2KkD132TAsgsSiRQAoCZ_4GlwmasX6Cs5HbxqeF6mS40HSTkS-TJaP8Sic9TsVAPNq_5fEy_Sz-oYDNsf2_L8YLu4lsvzsv5imADdhxzgoY2o92POJ-jIS1dzOVfBzJ66WqJIEL1O6RsH02BaVV8_jCPNtl8MW43jXUHG_3YujVwXPxgRCzyF-iEf6T7actKWczl95oBVhyYrIDvLcsXdl-KwXvhadeQG1YRcMYD_NH7ecAWkaa-l0L-ZJigmvJw5XntfvIRIhkaco1T5IRiOzXgV3ZI6LGBDlT5S0gfrRlEnTSwo4KYlEpySWZPCQQ0tDAmwIy3EESt1oF2Nl0YD266FcbhVIj-YcMXz303W39ItUsqdauNfX-7XBqhveAijRYWompejXg0coArJm8vhW1wk-vihD_jqXK7qsdTpxZg-3lvGbFePCB7KjiYQ79H9qhbNmRd8RUaqPTDAxNMGCDJzY57SDt0cv4EEdgzLgDJFB3jUhyJf696qKBt_YNqelqpqdr6FqRpOGWdwWmHGjica-IPEDQOe0WWggANeKh3M_xXmyM1zSzepgisrjttYbGFTRopZZH-PtRM9US-aXZj_kimrl2tH0VPo6oBTiVGn2u4B9P1O-TYEtyRGXP40j6-hOiq6lmOpIRpwEYyy3omPkro10z0SjW69Td8sicjwq_VK_l_9urp2IcnvaV34qUiAXBJsmyTpGcvT7gZDFVMMzP0trJ_-N0HeGs1lL-Ws0Xl0TIwD7WbcOxuNKg3DtJgp6I5IsmgF9SNtdIqCgdt9FWTIbX_nteHXo8Q26wVKCuUu02wfb3VIGpIh60dwpeDY9Hj92zkyiBQdSdVktyaCuayvXVvd-u0S-idnpef1m8Vf32W-7dnuFIe2-ul9zEN3Yxod4W_NMDDlXEL9IUi9DG7XF5qQFvWtTrR69FLtDxsDwVT_-_GhcfTUoYlULbSyprUFNR3MQLZ0WYoCfU4meMC9t7bMut58muotbwSSNU-aYy5LjtpzqToPh2eZFZO5wphfE5j5l-GDDbJsdWXSoa-PdUf4XCpPRM-QXC1glnCIOOHppKISIDZzS1H-ue3PF9gyl_u99H3_DcPahxmoeSbZFLtd7npmORSHIUoi4_oLLatFcNWnP2YtkGbbTQRJOywqe49HJJEz_vFfTD8wKNyIpwSgAreED29G1Eo4vqmuXA6WNEE5U24_9pedps-yOfiWIQ8ErKHxnuRWcAoxOCXD0LPzmPYkZFmvJoYshGViqFYzv-vCfcfptJy0y_eYqSXwgMc14xcdda0Hvl1g-sXjrLDB-7pduwHyRWGOdTAxz8rTkFAeJovRGj-wgCjVZYz0jiVZ8e1R_oPY7Gm0clQW__d-HQKGMYZx0mtjnOESCvV6B8OqIa57ItIyaso8wzTKC5JT44PZKDY8XP2xbCENXnEPayKofRyOsVPlQSpzvMaFbboARjufOlz5BNjczlbH8mtZGv5CssLOvfDu2DWqho-2fKN1yLcP_lzWPmkdq0CGbE2irEAkAC3T7SCIsfRV070PsC93uVPXqvxn_whZBsiYiC1naKilbk77Vry_A6Qi3YO4_SnUJvZjJkMTfMUAttC74lgWU8uk_KuwBrKXcp7u2Qmn0lrb8Xrkyle8Cj7aYuLRWt9-HuejH80xumk5P2Fq8JIDPjZMoeDzejgFDnXu2AVcW3I9weFRlSHsq3hoqBHt4xfWB8pIpXlQ_ImKTnwlCXvgmdPgbiP-r9822JrX9pJ2lsIw2sJ3ZYtzGgjcb9fmedrvs_Flt9IyH1OodjG9XEQF5w4-QS0IXEAE4XAkK2ATMiv2nDtOnueTgx-D5m49tUaSsh50PsrgpDPjcaBteJlMjcqrtCZbzm9Bb5XMxJO3YWJ83DGzsL2J1_2iEbWmXGiD6tWmtNqXTZNQ5za_-KYWCpuWMxoxiLeDflNU46Mbf7xc_l9JV4TiybfU9Rh3IhCZRGS_SmYa552aYTfWy1-rLMqMF27_jwDN--Krjm-PXUT7S5oXrUq3xzbGqsn5yIB6vcp3IVzv1pci4zqVTyx0ARUiMUAmieNCfkyq6RuICfD0i_AiwXOsErONNyXtW5GduyCumFRZgwSZ3zVet-iQbkOrXcteU61ggeZR1kIr104xgxRYNy0CzUr9tyeFwZBmjiWRPD6Qydk97G32b4xYNgIp6EV46THGilK7FUSyuYYvsW9WBWoRahqJYKJRz5F-o_hQlctp4UJ560x_CZm19Led79rNYcy0j2Izo-rszPIFwK9z4ixpMt5jzcy2up4bwmSTlMipOzsL6WESe3qp3ZZP5fa5ch1a-DZlrnuzGt9ZdHaeW7FK9SI9Z-x5PEKokcR4pt7GNqt_hZy_RZKmRD_LZF2I2bynYTRqwvt6SvlHItr7gQ4AbIRqfXrEtjqu-GpuQfpEYjVA89zTGvWJN0-GP2eBFiXdT7QrmOy-Oz-mAsQ0XObdLHyAeg_rSSc9Xg5Qio9RyUbnMTLhcoaQ-v4Pu9_h5YMMy7Ne3IEHyG6StIO5Ceias4vpqv94O4fNfSFnQ0HujEFz8SD3ogNhFPLXD7rzpR3-bYQOBoOd9AKHz9tP-qzNZ-0sEqPnqezxFhagG9ZZcoHsESqe3qBUPD9CBHzMAfwRJ18aZHC925UcpyG-ykt5R2pRnc2_L4e6hKYA3ivCq0QQfS77KRnLVSy8VTOZK3ley4c59QloBxtAcndbUt9gmM9fMJGqoWybcjYQJS8Gk19W_-gBznbopKjN7C2W9B0c5TYFHjCzZL3LgffPhaTqr2si1imO0JxX_WZM0MLmTULldrhXgEdqe6Dqn2LHFm_sQK39gkxP7goIOYKsgFSgM1_8Ru28aq8-M2uxfhqkJuCRJeaJuHhQSU5a_thoPQYgNRFOa5Ce8RICN33aRT7ytnhSes0bjkfQdXqvq1QIzMNF9wUpND0MbTTiBi55xeMv1oJkcB_mKxxwUWvhI1VszpUEKf1ZGBW2xyoOTS29VW93xYg3WtwiCa97Y6yVLZDxDsJFH5PVPn2UPTRJaSnLNM3aim0YvU9JaNnly-X5QETznDZMwnYbuQLr7xkdMbeuly85A6GVi9YVkhYLeylBB4HTCSVFkpv1kADBeBSGWTBtnp6Pom2MQyWY56PtnY-iq-G4NltXUc6zu6Xxw4IwHqQo5-8S5ewrWqIZlvEUqq5rKlW5o5eU2hDPxN2_RUx-qXc1GnjsbgP2dFY9vRHMPtFeVTSAs2vo8C6UmRgZFZ2UJgdkeLLy89L2C5D-Capf5TV768RnXD4Bm6pfimh5FUa0tLSEEcJmapw3kaAODhUVt3n0s7GYYS_mj3Vn-8OyOZoMnBPm84U6-0by28WFIcM0jhXUrLpJTnKO3oWv8EBMyeBMywfYP1jxAT-ssCsQ5JouZsn7onYeRYCKxte4GkEIBBI7AHKBCIOJnvSFXpZNRV8wZiTFe6YvBq1XYiPzNmwerPah4-79uZzLzuCfOD_SXxkU4B2QcHqnEhO572EYAWAB&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-4875329658179347&ias_chanId=1&ias_placementId=19774044633&bidurl=https://www.theatreinchicago.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0h2LvqD8voODyIs9jta41kw
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.1.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-1-207.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e15f0fa6b82b838ca3322606feac152fe748bcfef6b2ef009ab92b38d1046909

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame A049 3 KB
1 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 09:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38360
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 09:37:06 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame A049 20 KB
8 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 18:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7876
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8509
x-xss-protection: 0
server: cafe
etag: 3034682829645713766
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 18:05:10 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A049 0
0 49ms
47ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSeS6iKXmyiksjmG1sYsr8VYzcipuNmwj7Yz9xJIw5tWgqDGc1-YIVxX3fNwUU84Lyxbq1WjcF3Nmb6xCz2Puy6fWVZ1w
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A049 159 KB
49 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:26 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A99B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFK3FpGwOEVpo62rl1kmSo&google_cver=1

43 B
766 B

72ms
42ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFK3FpGwOEVpo62rl1kmSo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY_oro4gEwAQ&v=APEucNVPWHVt0ZynzDljX8QbfVVUKVydE2B6hmfCAwi61gN5XmMyyieTJQw_mdaYedFBdSnYyT6yJrwaA67hJBTljYPveUNVACyZXRmhS-YR6kWQ90Y2QYfV37XG9QtWadOkmbwmOo4W5uNOMnIKeqTVuNf2FezoTmyESGNceTgaLnSz6TclNp4
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Apr 2023 20:16:26 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFK3FpGwOEVpo62rl1kmSo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A99B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZDsGGgf6ZEzm1PFOOqEfGAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFK3FpGwOEVpo62rl1kmSo&google_cver=1

43 B
766 B

41ms
40ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFK3FpGwOEVpo62rl1kmSo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY_oro4gEwAQ&v=APEucNVPWHVt0ZynzDljX8QbfVVUKVydE2B6hmfCAwi61gN5XmMyyieTJQw_mdaYedFBdSnYyT6yJrwaA67hJBTljYPveUNVACyZXRmhS-YR6kWQ90Y2QYfV37XG9QtWadOkmbwmOo4W5uNOMnIKeqTVuNf2FezoTmyESGNceTgaLnSz6TclNp4
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Apr 2023 20:16:26 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFK3FpGwOEVpo62rl1kmSo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A99B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEA6O_dOLiX5b5jXcFHkCbsI&google_cver=1

43 B
1 KB

65ms
45ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEA6O_dOLiX5b5jXcFHkCbsI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY_oro4gEwAQ&v=APEucNVPWHVt0ZynzDljX8QbfVVUKVydE2B6hmfCAwi61gN5XmMyyieTJQw_mdaYedFBdSnYyT6yJrwaA67hJBTljYPveUNVACyZXRmhS-YR6kWQ90Y2QYfV37XG9QtWadOkmbwmOo4W5uNOMnIKeqTVuNf2FezoTmyESGNceTgaLnSz6TclNp4

Protocol

HTTP/1.1

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Apr 2023 20:16:26 GMT
AN-X-Request-Uuid: a3283047-2ebc-4d75-8f9f-6bd5be5477bb
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.102; 80.255.7.102; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEA6O_dOLiX5b5jXcFHkCbsI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A99B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyNDI5Mzc2NTQ4NjE0MDY5Nw%3D%3D

170 B
243 B

52ms
51ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyNDI5Mzc2NTQ4NjE0MDY5Nw%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 15 Apr 2023 20:16:26 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.102; 80.255.7.102; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: da90fe0b-45fb-40aa-9e4e-7522e5aaf147
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyNDI5Mzc2NTQ4NjE0MDY5Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 36A7 0
10 B 39ms
39ms Image
text/plain 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?rYsNMA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:26 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A049 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1462922093364&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A049 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1462922093364&version=m202301230201&ct=76&x=1&cor=4073998799587737000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A049 15 KB
11 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AE6uBR5DV5gAHIIYNC5W7QPSxZDoOo5ARwzPGRI01pyU3Zg2cif7Q3uqTE2Yf88L-6f4gtQfiiBXeQHug7k1-d97RYV_rjTP2ClGdBDQxgQqGUkPv0Tkw_QpkkOMyHeflU21XpHEU4WXA-R5hQ9CM8sX0q9P7AJ4NSaEh7PAKATyau4xY&cry=1&dbm_d=AKAmf-AD7K82COsYzpeDP2iS0xY7fucEgBN9-w27anMrtM1xa2tWWub-HPhNzMXDEtLxuSaoDadqEcJCwl92ovWSeXyhXpdbR7pKeeWgM5ArvTib2c_Ovr680cOgxsDIjd8hoa7UW3r6pSPHlBq6C9OgGoXwukiaXndThQw1E8wlwR1QhUR4SCyeV9nmkqRtwydUSUnGl2UtLoKp2V9eQz2g04UhnHCq4YqZbjkVC7tHrm2poyt5no-jIo-8gtwWvnFIY5ye3Mx3pQkXIS3D3DI7VW9VAQSOR871uHG7mlCWqCFt1KG6e_tMwxdpHMZkrUCxpnwn3xM6dL663fmA1Ocy5GCnXmhAloz6JPoShpkYlai-26bv1__rpvUJ_8-hCGScU-Wb5lueHADNtkOReQaonJjNEZGNAcipcGaJLX6qOss9ks_tfmMQQKmNOllLVaq-gp2mnzcHcUhR3SOGpHH3ZN9GqsrK1DKOIqT0kEt7Mez1nTM1YtYm2ahMKqr9Q-qUWm6OltQZacaOTqUZR7bS9KgaAI4R1A9u-pb2ZyTSxZWfa2pDCA5x3OMl4W2fcOdWlSpmBRDxr5Bb6JN70ywS0rdIqnZg6pJ1t1ydgwb_e0u-_GtokSdf735F-SjSuE4_iSsZtgnEHvzU3n6ycLwcVRLmQfPIGmeRBif3ELusaNhhT_lh5L_bcbZxSqhLNtdkfbnc8g6ENZh7euXqBrJuZxyMm2graPujYG23owo8PMXX8JjbHUqGnfUzzM6jXtcDrIxfP6rTDvnEDEZ3wD9kh6Ic9Kh8b4u6N1rNuMxKl0Y0S8edRKcDGX43BSZrlnkx2iL_daQb1vOuxznzdG3jk44TCILT19fRJeEFS_8zv2krWrAkfVqpQqJGv1mQ6h_bN7kfZ_dTcvf4FsC2wYdKzUszlYSRCV1TvkDuAXg7mMLuoKqtupqZAUbhl3q8aZqX4wpH_oFQ6alhFGDeQTGrwBsXpncrKWMcX-CCzS2cPUyRjgmBBMCob6IF4RR4FQXe4H7o04G9gt2vDDvij1UF_28oRa13eXXmhQF2aCuc0epYXrU-G7_7u9WwyDzRfAlgk9zsn20H3bmuTdSuorzgkRMv0Qu1pInW4lXnyU07FWKhkYHaE_T6glb4oou2LZbg72uHvJLbwYPdVqvoVkDaHNuJw5sF23VcROXcEOEr7wrrr_eBirpflDiht8Sw5xPQYWDEWNirtynuvxgTeLFIzT2FMTckxwO3Y1_FaprGiA-UcbnFseXxN1b9RG9E9ohXEvPOn09laPxp1yO0rsicVUerbfvrkQ-bi9JK9DZkkYIId2ZRc6bduCbvrbGttqB8V-PMaT_GEGyCIGxR7nk3JUhxL5r8E1xP32Ftqo-e1zCrme6bcQH575PQ_Q4x3oow42c-dwY8wr9ZpgIcM7Y9fzpTAwrB6DLkVryQy3sWyShFU-906zcogj8ePGEi-_-OME-lFHUQ7DVB4PLSWbpczgkHfyZU5OmHy0ZDv4YCwhHI3Fn8djit0SA4RvwUhzYoH8y_ZJeaz9zkLbG-dSHhZA8weMuDhwDoI39T3zxsk165V1lWiKld9N80sX2pr38Wf7Z6F6cVl3Yw7Idz_XdrggJpjlH3bJvUOh_eSPOvuHBKkMC_Ox5hiur5B7iXP48mNx9D5HbpR-WXOVmu36IkYeDkj_ta2k4_7bc8IsDrD-QsMOaZv0ceWRskchGYdFC2ERCjGV329bgcg8-s6Fi-9Dfhy79EPW8fq5LB-8-x5vfcCAIEXURflRm4Rxo98pxiPs2jPZdgJiboI2T9ji5XhbEoRmvR01b7zqmf18yEmzktoPXoY7u3Afsj2KvSUST2Zw5QcEf3-c8f5t43_whX8d94umuE50ra7-F-spW6akYBgjJtw6QdBz1q1R47iPo21u_CBZ4K5S1VjBhyQIkSVZqh52kwfO_j_QH_SQ0C4_sbTc_VeANWNV6VtGEc_ALJ2JRlFh-VDKOIyVCttqXIPKSEhg3v0WcQNOTTypagFMDtm6EUrqo7As3sN1hkYU-kn2CnTduSNJlK_QUhcwYLU6HOszXQmaEZ37yxz0kFHXnEadcGpm2DqLMAWLj-1r5kDinQ04iKozmToqXMPpXa1fFAegd9WC52OknW6jPegMP9K1pnB6g1XsAWA7yTARf__WWhZRMrL3pQZBtifPkhrUAYS8Q6qUppSGW4cqoyEyhFUiH7Kk6R3bFgEgeEzGlw_hE5Vyba1Qq1Xus9tvyw1RG94m6o4SW1izA5qkWQZSyCjD0DxgBPGrLfsTEB7zQxopLIpiFujYnY6ZEy5UABcetYEenJpLocy8rJ7ZFie1bEvCfiJOEf8JEa0qhiDdUmPqb0lU-7V-8PadmHDJzRYxh-7x5EgPN-L2LBLSRPnXC4P_FN6KUZCyikz0kwWVVxwMpHZJJSmRWDvmi1ZwwIxEecP3TAiBG7-OqsmXJ4AuDrhjluTp8IKaKEu86ThIEeT_O1NIpMs__L_WuUEGbJJ45p_dCFd-FWU3KshqgDabNNQllAVo4fmto0veVpTcZQktCKNaig5Q-RjgH_t4B8I7E54hNEdaCfXEhu4YIt2oRGwxN78Xkp5VyTUQfraq2LC69GabT4ZPzvT6BwVskYO98Gp1hZ-ULeihAxVslyWYOx9JTWmKOrZHf7DnaMMJyBXq8rhSzPgWmqldfdHkfydaWPVUVeLXabVyXWYvsSg44HDJr3lrp038glZquskPRiiUI9FxnGnpWXhz6PbBOLqSTUJ5bpV7xgMwnyLbKgX3Kuh8ucSfL47t6cvKT6EfCM-j66kuEYleq2YTK0LWMAsfGkOJlmcvd9fmiPhyUOOmraJOQn1fQkN4_ux8xThf59jYM_Ct_xRTe4RtQoTYFcGzPTYMNHhkrEGKM-HAVRI_Vx2paVjpQoxrKzmgQ0pb9QuFulYSfDF8jZKRlMx3uTtGGTNRi0OLjnWuhtSMRJSxdo42Ep6gY&cid=CAQSOwBygQiDiZ70hV6WTUVfMGYkxXumLwatV2Ij8zZsHqz2oePu_bmcy87gnzg_0l8ZFOAdkHB6pxITue9hGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.theatreinchicago.com%2F&ds=l&xdt=1&iif=1&cor=4073998799587737000&adk=3944675600&idt=175&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b6c0871762d9a246e42e260bb7f84201667d496dada260d24d691c50f703ac7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A049 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AE6uBR5DV5gAHIIYNC5W7QPSxZDoOo5ARwzPGRI01pyU3Zg2cif7Q3uqTE2Yf88L-6f4gtQfiiBXeQHug7k1-d97RYV_rjTP2ClGdBDQxgQqGUkPv0Tkw_QpkkOMyHeflU21XpHEU4WXA-R5hQ9CM8sX0q9P7AJ4NSaEh7PAKATyau4xY&cry=1&dbm_d=AKAmf-AD7K82COsYzpeDP2iS0xY7fucEgBN9-w27anMrtM1xa2tWWub-HPhNzMXDEtLxuSaoDadqEcJCwl92ovWSeXyhXpdbR7pKeeWgM5ArvTib2c_Ovr680cOgxsDIjd8hoa7UW3r6pSPHlBq6C9OgGoXwukiaXndThQw1E8wlwR1QhUR4SCyeV9nmkqRtwydUSUnGl2UtLoKp2V9eQz2g04UhnHCq4YqZbjkVC7tHrm2poyt5no-jIo-8gtwWvnFIY5ye3Mx3pQkXIS3D3DI7VW9VAQSOR871uHG7mlCWqCFt1KG6e_tMwxdpHMZkrUCxpnwn3xM6dL663fmA1Ocy5GCnXmhAloz6JPoShpkYlai-26bv1__rpvUJ_8-hCGScU-Wb5lueHADNtkOReQaonJjNEZGNAcipcGaJLX6qOss9ks_tfmMQQKmNOllLVaq-gp2mnzcHcUhR3SOGpHH3ZN9GqsrK1DKOIqT0kEt7Mez1nTM1YtYm2ahMKqr9Q-qUWm6OltQZacaOTqUZR7bS9KgaAI4R1A9u-pb2ZyTSxZWfa2pDCA5x3OMl4W2fcOdWlSpmBRDxr5Bb6JN70ywS0rdIqnZg6pJ1t1ydgwb_e0u-_GtokSdf735F-SjSuE4_iSsZtgnEHvzU3n6ycLwcVRLmQfPIGmeRBif3ELusaNhhT_lh5L_bcbZxSqhLNtdkfbnc8g6ENZh7euXqBrJuZxyMm2graPujYG23owo8PMXX8JjbHUqGnfUzzM6jXtcDrIxfP6rTDvnEDEZ3wD9kh6Ic9Kh8b4u6N1rNuMxKl0Y0S8edRKcDGX43BSZrlnkx2iL_daQb1vOuxznzdG3jk44TCILT19fRJeEFS_8zv2krWrAkfVqpQqJGv1mQ6h_bN7kfZ_dTcvf4FsC2wYdKzUszlYSRCV1TvkDuAXg7mMLuoKqtupqZAUbhl3q8aZqX4wpH_oFQ6alhFGDeQTGrwBsXpncrKWMcX-CCzS2cPUyRjgmBBMCob6IF4RR4FQXe4H7o04G9gt2vDDvij1UF_28oRa13eXXmhQF2aCuc0epYXrU-G7_7u9WwyDzRfAlgk9zsn20H3bmuTdSuorzgkRMv0Qu1pInW4lXnyU07FWKhkYHaE_T6glb4oou2LZbg72uHvJLbwYPdVqvoVkDaHNuJw5sF23VcROXcEOEr7wrrr_eBirpflDiht8Sw5xPQYWDEWNirtynuvxgTeLFIzT2FMTckxwO3Y1_FaprGiA-UcbnFseXxN1b9RG9E9ohXEvPOn09laPxp1yO0rsicVUerbfvrkQ-bi9JK9DZkkYIId2ZRc6bduCbvrbGttqB8V-PMaT_GEGyCIGxR7nk3JUhxL5r8E1xP32Ftqo-e1zCrme6bcQH575PQ_Q4x3oow42c-dwY8wr9ZpgIcM7Y9fzpTAwrB6DLkVryQy3sWyShFU-906zcogj8ePGEi-_-OME-lFHUQ7DVB4PLSWbpczgkHfyZU5OmHy0ZDv4YCwhHI3Fn8djit0SA4RvwUhzYoH8y_ZJeaz9zkLbG-dSHhZA8weMuDhwDoI39T3zxsk165V1lWiKld9N80sX2pr38Wf7Z6F6cVl3Yw7Idz_XdrggJpjlH3bJvUOh_eSPOvuHBKkMC_Ox5hiur5B7iXP48mNx9D5HbpR-WXOVmu36IkYeDkj_ta2k4_7bc8IsDrD-QsMOaZv0ceWRskchGYdFC2ERCjGV329bgcg8-s6Fi-9Dfhy79EPW8fq5LB-8-x5vfcCAIEXURflRm4Rxo98pxiPs2jPZdgJiboI2T9ji5XhbEoRmvR01b7zqmf18yEmzktoPXoY7u3Afsj2KvSUST2Zw5QcEf3-c8f5t43_whX8d94umuE50ra7-F-spW6akYBgjJtw6QdBz1q1R47iPo21u_CBZ4K5S1VjBhyQIkSVZqh52kwfO_j_QH_SQ0C4_sbTc_VeANWNV6VtGEc_ALJ2JRlFh-VDKOIyVCttqXIPKSEhg3v0WcQNOTTypagFMDtm6EUrqo7As3sN1hkYU-kn2CnTduSNJlK_QUhcwYLU6HOszXQmaEZ37yxz0kFHXnEadcGpm2DqLMAWLj-1r5kDinQ04iKozmToqXMPpXa1fFAegd9WC52OknW6jPegMP9K1pnB6g1XsAWA7yTARf__WWhZRMrL3pQZBtifPkhrUAYS8Q6qUppSGW4cqoyEyhFUiH7Kk6R3bFgEgeEzGlw_hE5Vyba1Qq1Xus9tvyw1RG94m6o4SW1izA5qkWQZSyCjD0DxgBPGrLfsTEB7zQxopLIpiFujYnY6ZEy5UABcetYEenJpLocy8rJ7ZFie1bEvCfiJOEf8JEa0qhiDdUmPqb0lU-7V-8PadmHDJzRYxh-7x5EgPN-L2LBLSRPnXC4P_FN6KUZCyikz0kwWVVxwMpHZJJSmRWDvmi1ZwwIxEecP3TAiBG7-OqsmXJ4AuDrhjluTp8IKaKEu86ThIEeT_O1NIpMs__L_WuUEGbJJ45p_dCFd-FWU3KshqgDabNNQllAVo4fmto0veVpTcZQktCKNaig5Q-RjgH_t4B8I7E54hNEdaCfXEhu4YIt2oRGwxN78Xkp5VyTUQfraq2LC69GabT4ZPzvT6BwVskYO98Gp1hZ-ULeihAxVslyWYOx9JTWmKOrZHf7DnaMMJyBXq8rhSzPgWmqldfdHkfydaWPVUVeLXabVyXWYvsSg44HDJr3lrp038glZquskPRiiUI9FxnGnpWXhz6PbBOLqSTUJ5bpV7xgMwnyLbKgX3Kuh8ucSfL47t6cvKT6EfCM-j66kuEYleq2YTK0LWMAsfGkOJlmcvd9fmiPhyUOOmraJOQn1fQkN4_ux8xThf59jYM_Ct_xRTe4RtQoTYFcGzPTYMNHhkrEGKM-HAVRI_Vx2paVjpQoxrKzmgQ0pb9QuFulYSfDF8jZKRlMx3uTtGGTNRi0OLjnWuhtSMRJSxdo42Ep6gY&cid=CAQSOwBygQiDiZ70hV6WTUVfMGYkxXumLwatV2Ij8zZsHqz2oePu_bmcy87gnzg_0l8ZFOAdkHB6pxITue9hGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.theatreinchicago.com%2F&ds=l&xdt=1&iif=1&cor=4073998799587737000&adk=3944675600&idt=175&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 18:12:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 93836
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Apr 2024 18:12:30 GMT

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame A049
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1352960/70224241/xbbe/creative/adj?p=APEucNUEnxclthYSwv2zNqzSHh_CbpzW096FUtfDt1bmn6IyO2bfHso&d=CokBAKAmf-DiQDcFi8Xdd4grUBgRqIgCIMR5SncJjGrGCmoX9YI_tLacWwSBb9m...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUEnxclthYSwv2zNqzSHh_CbpzW096FUtfDt1bmn6IyO2bfHso&d=CokBAKAmf-DiQDcFi8Xdd4grUBgRqIgCIMR5SncJjGrGCmoX9YI_tLacWwSBb9m4TtTbX4Zfp2uoPdjSUAt8MkYo1...

70 KB
24 KB

446ms
86ms

Script
text/javascript

108.177.15.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUEnxclthYSwv2zNqzSHh_CbpzW096FUtfDt1bmn6IyO2bfHso&d=CokBAKAmf-DiQDcFi8Xdd4grUBgRqIgCIMR5SncJjGrGCmoX9YI_tLacWwSBb9m4TtTbX4Zfp2uoPdjSUAt8MkYo1zGzk-fXxTZiKC4q5Tj0Y9V68hvkqx7GQORbqVYKbd0jm9EKnMxI9IxRTi-eGm7Na18K9TVXHWfA6BWHJ5nLeZG2KkD132TAsgsSiRQAoCZ_4GlwmasX6Cs5HbxqeF6mS40HSTkS-TJaP8Sic9TsVAPNq_5fEy_Sz-oYDNsf2_L8YLu4lsvzsv5imADdhxzgoY2o92POJ-jIS1dzOVfBzJ66WqJIEL1O6RsH02BaVV8_jCPNtl8MW43jXUHG_3YujVwXPxgRCzyF-iEf6T7actKWczl95oBVhyYrIDvLcsXdl-KwXvhadeQG1YRcMYD_NH7ecAWkaa-l0L-ZJigmvJw5XntfvIRIhkaco1T5IRiOzXgV3ZI6LGBDlT5S0gfrRlEnTSwo4KYlEpySWZPCQQ0tDAmwIy3EESt1oF2Nl0YD266FcbhVIj-YcMXz303W39ItUsqdauNfX-7XBqhveAijRYWompejXg0coArJm8vhW1wk-vihD_jqXK7qsdTpxZg-3lvGbFePCB7KjiYQ79H9qhbNmRd8RUaqPTDAxNMGCDJzY57SDt0cv4EEdgzLgDJFB3jUhyJf696qKBt_YNqelqpqdr6FqRpOGWdwWmHGjica-IPEDQOe0WWggANeKh3M_xXmyM1zSzepgisrjttYbGFTRopZZH-PtRM9US-aXZj_kimrl2tH0VPo6oBTiVGn2u4B9P1O-TYEtyRGXP40j6-hOiq6lmOpIRpwEYyy3omPkro10z0SjW69Td8sicjwq_VK_l_9urp2IcnvaV34qUiAXBJsmyTpGcvT7gZDFVMMzP0trJ_-N0HeGs1lL-Ws0Xl0TIwD7WbcOxuNKg3DtJgp6I5IsmgF9SNtdIqCgdt9FWTIbX_nteHXo8Q26wVKCuUu02wfb3VIGpIh60dwpeDY9Hj92zkyiBQdSdVktyaCuayvXVvd-u0S-idnpef1m8Vf32W-7dnuFIe2-ul9zEN3Yxod4W_NMDDlXEL9IUi9DG7XF5qQFvWtTrR69FLtDxsDwVT_-_GhcfTUoYlULbSyprUFNR3MQLZ0WYoCfU4meMC9t7bMut58muotbwSSNU-aYy5LjtpzqToPh2eZFZO5wphfE5j5l-GDDbJsdWXSoa-PdUf4XCpPRM-QXC1glnCIOOHppKISIDZzS1H-ue3PF9gyl_u99H3_DcPahxmoeSbZFLtd7npmORSHIUoi4_oLLatFcNWnP2YtkGbbTQRJOywqe49HJJEz_vFfTD8wKNyIpwSgAreED29G1Eo4vqmuXA6WNEE5U24_9pedps-yOfiWIQ8ErKHxnuRWcAoxOCXD0LPzmPYkZFmvJoYshGViqFYzv-vCfcfptJy0y_eYqSXwgMc14xcdda0Hvl1g-sXjrLDB-7pduwHyRWGOdTAxz8rTkFAeJovRGj-wgCjVZYz0jiVZ8e1R_oPY7Gm0clQW__d-HQKGMYZx0mtjnOESCvV6B8OqIa57ItIyaso8wzTKC5JT44PZKDY8XP2xbCENXnEPayKofRyOsVPlQSpzvMaFbboARjufOlz5BNjczlbH8mtZGv5CssLOvfDu2DWqho-2fKN1yLcP_lzWPmkdq0CGbE2irEAkAC3T7SCIsfRV070PsC93uVPXqvxn_whZBsiYiC1naKilbk77Vry_A6Qi3YO4_SnUJvZjJkMTfMUAttC74lgWU8uk_KuwBrKXcp7u2Qmn0lrb8Xrkyle8Cj7aYuLRWt9-HuejH80xumk5P2Fq8JIDPjZMoeDzejgFDnXu2AVcW3I9weFRlSHsq3hoqBHt4xfWB8pIpXlQ_ImKTnwlCXvgmdPgbiP-r9822JrX9pJ2lsIw2sJ3ZYtzGgjcb9fmedrvs_Flt9IyH1OodjG9XEQF5w4-QS0IXEAE4XAkK2ATMiv2nDtOnueTgx-D5m49tUaSsh50PsrgpDPjcaBteJlMjcqrtCZbzm9Bb5XMxJO3YWJ83DGzsL2J1_2iEbWmXGiD6tWmtNqXTZNQ5za_-KYWCpuWMxoxiLeDflNU46Mbf7xc_l9JV4TiybfU9Rh3IhCZRGS_SmYa552aYTfWy1-rLMqMF27_jwDN--Krjm-PXUT7S5oXrUq3xzbGqsn5yIB6vcp3IVzv1pci4zqVTyx0ARUiMUAmieNCfkyq6RuICfD0i_AiwXOsErONNyXtW5GduyCumFRZgwSZ3zVet-iQbkOrXcteU61ggeZR1kIr104xgxRYNy0CzUr9tyeFwZBmjiWRPD6Qydk97G32b4xYNgIp6EV46THGilK7FUSyuYYvsW9WBWoRahqJYKJRz5F-o_hQlctp4UJ560x_CZm19Led79rNYcy0j2Izo-rszPIFwK9z4ixpMt5jzcy2up4bwmSTlMipOzsL6WESe3qp3ZZP5fa5ch1a-DZlrnuzGt9ZdHaeW7FK9SI9Z-x5PEKokcR4pt7GNqt_hZy_RZKmRD_LZF2I2bynYTRqwvt6SvlHItr7gQ4AbIRqfXrEtjqu-GpuQfpEYjVA89zTGvWJN0-GP2eBFiXdT7QrmOy-Oz-mAsQ0XObdLHyAeg_rSSc9Xg5Qio9RyUbnMTLhcoaQ-v4Pu9_h5YMMy7Ne3IEHyG6StIO5Ceias4vpqv94O4fNfSFnQ0HujEFz8SD3ogNhFPLXD7rzpR3-bYQOBoOd9AKHz9tP-qzNZ-0sEqPnqezxFhagG9ZZcoHsESqe3qBUPD9CBHzMAfwRJ18aZHC925UcpyG-ykt5R2pRnc2_L4e6hKYA3ivCq0QQfS77KRnLVSy8VTOZK3ley4c59QloBxtAcndbUt9gmM9fMJGqoWybcjYQJS8Gk19W_-gBznbopKjN7C2W9B0c5TYFHjCzZL3LgffPhaTqr2si1imO0JxX_WZM0MLmTULldrhXgEdqe6Dqn2LHFm_sQK39gkxP7goIOYKsgFSgM1_8Ru28aq8-M2uxfhqkJuCRJeaJuHhQSU5a_thoPQYgNRFOa5Ce8RICN33aRT7ytnhSes0bjkfQdXqvq1QIzMNF9wUpND0MbTTiBi55xeMv1oJkcB_mKxxwUWvhI1VszpUEKf1ZGBW2xyoOTS29VW93xYg3WtwiCa97Y6yVLZDxDsJFH5PVPn2UPTRJaSnLNM3aim0YvU9JaNnly-X5QETznDZMwnYbuQLr7xkdMbeuly85A6GVi9YVkhYLeylBB4HTCSVFkpv1kADBeBSGWTBtnp6Pom2MQyWY56PtnY-iq-G4NltXUc6zu6Xxw4IwHqQo5-8S5ewrWqIZlvEUqq5rKlW5o5eU2hDPxN2_RUx-qXc1GnjsbgP2dFY9vRHMPtFeVTSAs2vo8C6UmRgZFZ2UJgdkeLLy89L2C5D-Capf5TV768RnXD4Bm6pfimh5FUa0tLSEEcJmapw3kaAODhUVt3n0s7GYYS_mj3Vn-8OyOZoMnBPm84U6-0by28WFIcM0jhXUrLpJTnKO3oWv8EBMyeBMywfYP1jxAT-ssCsQ5JouZsn7onYeRYCKxte4GkEIBBI7AHKBCIOJnvSFXpZNRV8wZiTFe6YvBq1XYiPzNmwerPah4-79uZzLzuCfOD_SXxkU4B2QcHqnEhO572EYAWAB&cry=1&bundleId=

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

108.177.15.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f156.1e100.net

Software

cafe /

Resource Hash

a00370fffefaec742d1d42dfddf1049a7e78ef36e840115e93064e599e01ea2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24315
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
server: nginx
x-server-name: app07.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUEnxclthYSwv2zNqzSHh_CbpzW096FUtfDt1bmn6IyO2bfHso&d=CokBAKAmf-DiQDcFi8Xdd4grUBgRqIgCIMR5SncJjGrGCmoX9YI_tLacWwSBb9m4TtTbX4Zfp2uoPdjSUAt8MkYo1zGzk-fXxTZiKC4q5Tj0Y9V68hvkqx7GQORbqVYKbd0jm9EKnMxI9IxRTi-eGm7Na18K9TVXHWfA6BWHJ5nLeZG2KkD132TAsgsSiRQAoCZ_4GlwmasX6Cs5HbxqeF6mS40HSTkS-TJaP8Sic9TsVAPNq_5fEy_Sz-oYDNsf2_L8YLu4lsvzsv5imADdhxzgoY2o92POJ-jIS1dzOVfBzJ66WqJIEL1O6RsH02BaVV8_jCPNtl8MW43jXUHG_3YujVwXPxgRCzyF-iEf6T7actKWczl95oBVhyYrIDvLcsXdl-KwXvhadeQG1YRcMYD_NH7ecAWkaa-l0L-ZJigmvJw5XntfvIRIhkaco1T5IRiOzXgV3ZI6LGBDlT5S0gfrRlEnTSwo4KYlEpySWZPCQQ0tDAmwIy3EESt1oF2Nl0YD266FcbhVIj-YcMXz303W39ItUsqdauNfX-7XBqhveAijRYWompejXg0coArJm8vhW1wk-vihD_jqXK7qsdTpxZg-3lvGbFePCB7KjiYQ79H9qhbNmRd8RUaqPTDAxNMGCDJzY57SDt0cv4EEdgzLgDJFB3jUhyJf696qKBt_YNqelqpqdr6FqRpOGWdwWmHGjica-IPEDQOe0WWggANeKh3M_xXmyM1zSzepgisrjttYbGFTRopZZH-PtRM9US-aXZj_kimrl2tH0VPo6oBTiVGn2u4B9P1O-TYEtyRGXP40j6-hOiq6lmOpIRpwEYyy3omPkro10z0SjW69Td8sicjwq_VK_l_9urp2IcnvaV34qUiAXBJsmyTpGcvT7gZDFVMMzP0trJ_-N0HeGs1lL-Ws0Xl0TIwD7WbcOxuNKg3DtJgp6I5IsmgF9SNtdIqCgdt9FWTIbX_nteHXo8Q26wVKCuUu02wfb3VIGpIh60dwpeDY9Hj92zkyiBQdSdVktyaCuayvXVvd-u0S-idnpef1m8Vf32W-7dnuFIe2-ul9zEN3Yxod4W_NMDDlXEL9IUi9DG7XF5qQFvWtTrR69FLtDxsDwVT_-_GhcfTUoYlULbSyprUFNR3MQLZ0WYoCfU4meMC9t7bMut58muotbwSSNU-aYy5LjtpzqToPh2eZFZO5wphfE5j5l-GDDbJsdWXSoa-PdUf4XCpPRM-QXC1glnCIOOHppKISIDZzS1H-ue3PF9gyl_u99H3_DcPahxmoeSbZFLtd7npmORSHIUoi4_oLLatFcNWnP2YtkGbbTQRJOywqe49HJJEz_vFfTD8wKNyIpwSgAreED29G1Eo4vqmuXA6WNEE5U24_9pedps-yOfiWIQ8ErKHxnuRWcAoxOCXD0LPzmPYkZFmvJoYshGViqFYzv-vCfcfptJy0y_eYqSXwgMc14xcdda0Hvl1g-sXjrLDB-7pduwHyRWGOdTAxz8rTkFAeJovRGj-wgCjVZYz0jiVZ8e1R_oPY7Gm0clQW__d-HQKGMYZx0mtjnOESCvV6B8OqIa57ItIyaso8wzTKC5JT44PZKDY8XP2xbCENXnEPayKofRyOsVPlQSpzvMaFbboARjufOlz5BNjczlbH8mtZGv5CssLOvfDu2DWqho-2fKN1yLcP_lzWPmkdq0CGbE2irEAkAC3T7SCIsfRV070PsC93uVPXqvxn_whZBsiYiC1naKilbk77Vry_A6Qi3YO4_SnUJvZjJkMTfMUAttC74lgWU8uk_KuwBrKXcp7u2Qmn0lrb8Xrkyle8Cj7aYuLRWt9-HuejH80xumk5P2Fq8JIDPjZMoeDzejgFDnXu2AVcW3I9weFRlSHsq3hoqBHt4xfWB8pIpXlQ_ImKTnwlCXvgmdPgbiP-r9822JrX9pJ2lsIw2sJ3ZYtzGgjcb9fmedrvs_Flt9IyH1OodjG9XEQF5w4-QS0IXEAE4XAkK2ATMiv2nDtOnueTgx-D5m49tUaSsh50PsrgpDPjcaBteJlMjcqrtCZbzm9Bb5XMxJO3YWJ83DGzsL2J1_2iEbWmXGiD6tWmtNqXTZNQ5za_-KYWCpuWMxoxiLeDflNU46Mbf7xc_l9JV4TiybfU9Rh3IhCZRGS_SmYa552aYTfWy1-rLMqMF27_jwDN--Krjm-PXUT7S5oXrUq3xzbGqsn5yIB6vcp3IVzv1pci4zqVTyx0ARUiMUAmieNCfkyq6RuICfD0i_AiwXOsErONNyXtW5GduyCumFRZgwSZ3zVet-iQbkOrXcteU61ggeZR1kIr104xgxRYNy0CzUr9tyeFwZBmjiWRPD6Qydk97G32b4xYNgIp6EV46THGilK7FUSyuYYvsW9WBWoRahqJYKJRz5F-o_hQlctp4UJ560x_CZm19Led79rNYcy0j2Izo-rszPIFwK9z4ixpMt5jzcy2up4bwmSTlMipOzsL6WESe3qp3ZZP5fa5ch1a-DZlrnuzGt9ZdHaeW7FK9SI9Z-x5PEKokcR4pt7GNqt_hZy_RZKmRD_LZF2I2bynYTRqwvt6SvlHItr7gQ4AbIRqfXrEtjqu-GpuQfpEYjVA89zTGvWJN0-GP2eBFiXdT7QrmOy-Oz-mAsQ0XObdLHyAeg_rSSc9Xg5Qio9RyUbnMTLhcoaQ-v4Pu9_h5YMMy7Ne3IEHyG6StIO5Ceias4vpqv94O4fNfSFnQ0HujEFz8SD3ogNhFPLXD7rzpR3-bYQOBoOd9AKHz9tP-qzNZ-0sEqPnqezxFhagG9ZZcoHsESqe3qBUPD9CBHzMAfwRJ18aZHC925UcpyG-ykt5R2pRnc2_L4e6hKYA3ivCq0QQfS77KRnLVSy8VTOZK3ley4c59QloBxtAcndbUt9gmM9fMJGqoWybcjYQJS8Gk19W_-gBznbopKjN7C2W9B0c5TYFHjCzZL3LgffPhaTqr2si1imO0JxX_WZM0MLmTULldrhXgEdqe6Dqn2LHFm_sQK39gkxP7goIOYKsgFSgM1_8Ru28aq8-M2uxfhqkJuCRJeaJuHhQSU5a_thoPQYgNRFOa5Ce8RICN33aRT7ytnhSes0bjkfQdXqvq1QIzMNF9wUpND0MbTTiBi55xeMv1oJkcB_mKxxwUWvhI1VszpUEKf1ZGBW2xyoOTS29VW93xYg3WtwiCa97Y6yVLZDxDsJFH5PVPn2UPTRJaSnLNM3aim0YvU9JaNnly-X5QETznDZMwnYbuQLr7xkdMbeuly85A6GVi9YVkhYLeylBB4HTCSVFkpv1kADBeBSGWTBtnp6Pom2MQyWY56PtnY-iq-G4NltXUc6zu6Xxw4IwHqQo5-8S5ewrWqIZlvEUqq5rKlW5o5eU2hDPxN2_RUx-qXc1GnjsbgP2dFY9vRHMPtFeVTSAs2vo8C6UmRgZFZ2UJgdkeLLy89L2C5D-Capf5TV768RnXD4Bm6pfimh5FUa0tLSEEcJmapw3kaAODhUVt3n0s7GYYS_mj3Vn-8OyOZoMnBPm84U6-0by28WFIcM0jhXUrLpJTnKO3oWv8EBMyeBMywfYP1jxAT-ssCsQ5JouZsn7onYeRYCKxte4GkEIBBI7AHKBCIOJnvSFXpZNRV8wZiTFe6YvBq1XYiPzNmwerPah4-79uZzLzuCfOD_SXxkU4B2QcHqnEhO572EYAWAB&cry=1&bundleId=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 9F29 91 KB
23 KB 160ms
48ms Script
application/javascript 2600:9000:223f:8c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:8c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 17815210
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: CDg4oz83yNHdh67-N_gW8-vqzLmdMyqRBQN2o8Q9pTsVh4p1lihGCg==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A049 43 B
215 B 535ms
118ms Image
image/gif 2600:1f18:1aca:4281:ea73:294d:a09b:a42
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=a17ce71e-2a5f-d0fc-4266-3a4498606a66&tv=%7Bc:9T2UeN,pingTime:-3,time:42,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:42,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B35~0%5D,as:%5B35~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tBwTndx+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a*.1352960-70224241%7C1a1%7C1b,idMap:1a*,rmeas:1,rend:0,renddet:IMG.us,siq:20%7D&br=c
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ea73:294d:a09b:a42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A049 43 B
216 B 532ms
118ms Image
image/gif 2600:1f18:1aca:4281:ea73:294d:a09b:a42
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=a17ce71e-2a5f-d0fc-4266-3a4498606a66&tv=%7Bc:9T2UeO,pingTime:-6,time:43,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:43,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B36~0%5D,as:%5B36~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tBwTndx+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a*.1352960-70224241%7C1a1%7C1b,idMap:1a*,rmeas:1,rend:0,renddet:IMG.us,siq:20%7D&tpiLookup=ao:www.theatreinchicago.com*&br=c
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ea73:294d:a09b:a42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: nginx
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A049 43 B
215 B 532ms
119ms Image
image/gif 2600:1f18:1aca:4281:ea73:294d:a09b:a42
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=a17ce71e-2a5f-d0fc-4266-3a4498606a66&tv=%7Bc:9T2UeR,pingTime:-2,time:46,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:409,beZ:410,mfA:413,cmA:414,inA:414,inZ:419,prA:419,prZ:425,si:429,poA:430,poZ:447,cmZ:447,mfZ:447,loA:452,loZ:454,ltA:455,ltZ:455%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:46,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B39~0%5D,as:%5B39~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tBwTndx+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a*.1352960-70224241%7C1a1%7C1b,idMap:1a*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:20,sinceFw:25,readyFired:false%7D&br=c
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ea73:294d:a09b:a42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 611D 22 KB
8 KB 41ms
40ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 93800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 14 Apr 2023 18:13:06 GMT
expires: Sat, 13 Apr 2024 18:13:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 462A 42 B
174 B 79ms
78ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstVnk7eK-6Vk3kZWsP9XRTe7WySBKmmF4TXLIMVcrvWu5A-Gtps8B5gWPnFdpa5VZVHxkYt1P5xi3CsvXNjfKOaGJqyU6m35rr0dP9-P_V3zCbnI-oA&sig=Cg0ArKJSzIChTwpVQGNXEAE&id=lidar2&mcvt=1009&p=204,1205,804,1365&mtos=1009,1009,1009,1009,1009&tos=1009,0,0,0,0&v=20230412&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=695397921&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681589785687&rpt=260&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js Show response
pagead2.googlesyndication.com/bg/ Frame 611D 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ec74085fc1675967497029f672a2da0a31815bc6792fd36c4da8086d1b20133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 10:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36403
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14296
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 14 Apr 2024 10:09:43 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FB12 42 B
108 B 75ms
75ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuuZmm9IOniaW3zJRLiEwMPHL8xxSBFDV5cbZzT6otE9XJSezTujfqkqHJreLqJ02IPM49vRecrzRn4aijqFvLp5XPjpOuBcwKEJaKvBneOn1LX0P_i&sig=Cg0ArKJSzD9PpDJHC27OEAE&id=lidar2&mcvt=1003&p=20,642,110,1370&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20230412&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=2649920363&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681589785740&rpt=228&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 611D 0
20 B 78ms
77ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BUbPDGgY7ZL3cKaPpx_APut2zoAYAAAAAOAHgBAI&bg=!cnGlcSXNAAZA7GLoYOw7ADkAdvg8Wv_sFtLH2xfGgOIiB7hYounP24WhYhH0rT_ysuaL2I7l8pPhboG3S_3frN8rMLZhHqQ5u0QCAAAAPVIAAAACaAEHmQM8KOxxhLpfmZyeVbx19YzYOoEi0jyYvm-Kv3LdqQ5JJ8uV76EJHKIdw80SmUWLYgqpwmW4bIa7IoGdiH9MsPxM2IS62M_Tp7Z68HJx9eGVyAO7Jw3deq9u8XtIP-xb743oZJhrHRFRcxcU6KrclE3H5PG48Ygzilx0178Ozhq0kQSLX30BmJy6Mr8qDlopHLRiemTPo5XS494qg7wDR7RHhCBZnwseshomH4To2QmygJktq-M8En6RpswDlcMDGsGCHNC3EniPBKgNqZrvZInVB6tZkUNNB9gAKCMbqJuHVo53X_15lzPzUMEm7CPlTleZ1oO6yKcd6h452pGZjgTrYZ2rWn30BYb65EnbDgDF0AMyDcHolTm1gKJ151qOTc78QZpZuQbmxlaOQdWmtMnK81Sp7GNEumOdlF759QVPPLSUZHP8GEJJL9NJTDnqnHtkH6HA3FUk8usI4BXEDTL_5iW4vRuvACkTYJFBktTJ_68M2w-O4_vDGvU26aX6gWc_NZiYIQS8V8FG9elShZsbp6zIDEiOjKd285eU1HKCFBT5TD2ARR0nTc4F9rT9DK2Pr1pJBd-hmdd_XG4bQ5iw6ldRrYnzcOf2n3x6ce3KFvdrqn_6cHmyonDj52iD0xPc-6Sg0OpOmIYcfXoQHrO6Tr6bOHq6McMmycmmgSdz35BMQbwnp-k1Eb2JjpkYwrJo24Hqf8SYYIhoKmPEVGWMdhxnH11btcWoHoLvmtaAjzc5KnaexLmKFCG1XNe4ghC4RTSoLAXewUVjK8CFvBSfG2FV-QzlpyYBjNredMt7LV9Xtbs2Yclm0S0-DZ8ekm-zTIDsR-NahSKcuIkmv8iHrvAk7Qw_cfuL8Q4526DZBTeoPrblAhfRwT7BjBmTHxC2IGmSaSg3LAKP_D3x0xFH90tNMTiS-nt9xHf9Xpm4BPWDTXUOubuPiHIq6SuAMJC7ZmamXvImUwCF8blfbTvjLK6oXbtrRDOqnwrl6jlV7csxtoZqQ7hJuq-3oRS0k4gn3EdpLK7P8xusS3oyfnbyz0uTz8Yu_NO4WGslcUjzAILUAImVAwXqCYQcCXrep7IDUo_Kh0Kv5lXW_NfO

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 79ms
79ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202304110101&jk=704775499217327&bg=!NTalNmLNAAZA7GLoYOw7ADkAdvg8Wh6W74_b2Hl47iPiDIb7ebcbIx4ilQaursvpsNmrftzfSygeU7k6h9B4rKRPPhE9eOfek3ACAAAATVIAAAADaAEHmQL9z6bGHV2DV-va9dVZmWA0d2cpfigjGKdpPSsTAvhSA6aVjl1-GEiJSxClTUk1f0v3288s4QykZ9F3eeITcuQQOar3Xz4hPnaTvWjM9w54N83YbBZkbkqSIUqNcW1-D5U_2Kvyyx-gnBh1BvNgxAul45-I8QpT7jQ8SBJXYD5KiOfPVrULSC9gSnR5Uc7jkxuDhIKlJzVsi7cutYyFOw7eliBZtyrgCcORIQbv-jdU9rlDfh4sLJ8TMIRhQX3-7R-J7Y1QoNPZ7wExaWIx0qaG43mjBsju3tQ39l_ydWnC3n4VkqrS2iq_XMSvVjcbJdAJIZmAN6hLk0Gk75hldTcFIIQDzqNGB7rT-JwYmvUAd3v4YMIy6WujYX-rmY2sf3Qt96N4gFmyN2DE95QMumrEVr6eegoBRK5_tFZ6Imq5SRZcz0xcnRZzJ0t34U-03d-zM7uhxq-LxyHQlErlrp9OX44qkDadmHznvpJpHb4g-cFiiJGZR0xXaBTWyVvz4B3Sp9n5lQSTU79RpAr2LYJ8X33oVbR6XVP0H4nojCq7MFRud3d9ZDoH2YiqyT35D7FjCMwPzqyDDm2WqoCOxtG3b9Pnk1TVlXhNeVshppyxY-EvA5N0B0woejXwDD9dHRvAOmJtDDJtKAG-Ody51SWAS-X7X3CAFRiR8lmkK1gOeMdmc0oZMNuQy0NfAZjxkcpnfojYaJgSFpHs1YRyqw636gFvME1up4afsXyFxQppARFHxvXZEi2i8oH-_xzHCFO4DaZ0xjhpc9wxvxo0F9lwoDKwW5vv6nqWwa7-w0ukgdxCV9m2Pq9bkCsLmcYwrs-zr0IjOMztjslnjco1HuOicVnp_oIiX7yfhVmbUpO9_9lqJpbIWWtjiE8FoMQ_8TPSiDl27CtSJJeYt60HEDZg5TPgJ6W-UAxDAIWaPWC5UXKbggCpezOa9nRx52zIt3FFIvNni1zdspSSjHoPNeFnwJ5x3m-OyndE5lZ6990I8E9bRNkLlccKL5WLQi30
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A049 43 B
215 B 119ms
119ms Image
image/gif 2600:1f18:1aca:4281:ea73:294d:a09b:a42
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=a17ce71e-2a5f-d0fc-4266-3a4498606a66&tv=%7Bc:9T2Umd,pingTime:-10,time:502,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTEyLjAuNTYxNS40OSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1681589787264%7C%7C0cc422e15e6d4374bc952161e6e684ff%7C%7Cdfcb286d4e51c7f962b51496412cef83%7C%7C5c3a1d234534a973fc8f32d1fec6331f%7C%7Ce71181fbd516aa99051b1e542dc3f35d%7C%7C4d2e7418be7a622d7e1047171c1f2890%7C%7C04cb438e19495441e5ec5a8e5a6d33bf%7C%7C1b14ff6d2369f4c8f6a5b65c95c98c7a%7C%7C1663701684%7D
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ea73:294d:a09b:a42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 container.html Show response
3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 08B1 6 KB
3 KB 41ms
40ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theatreinchicago.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 20:16:25 GMT
expires: Sun, 14 Apr 2024 20:16:25 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A72A 0
0 78ms
77ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYX9UK7eHpETMPnHznRl-8Ko_3mj6JmC0E3WsoTrSPoj7v9CBJ9J4DKGY5TeUWgtDRSl5qqEe9o5JIhat-Gny6lGkSszxe8KUK_o11yr2Bd1iulQ0mxeebXCg8SAQqy1G6jkJIL1Jxdnoydt5TZZo21-YEEjSa34MlVWQbyi0aJzBRHjwgbi-PEtwinxld7c1nNGPoU9RvdmfmsOyhq73ikZVJHn18r-h-TROlAW1MQSITE6kV44E2TnMFzSBHsm2Vum865oJOzae5s1zV9OGKEKdWdRW7ZKsOGMOQXfeT77X84SasgKJZBNgE6H5GekVZwkDIUAL1SvamfQRmH9qoYUujSzOx1Q&sai=AMfl-YTO5KG2vuJtr5LIEnTKVr1xpqiXvGK-bFvv2VBYEw7MZ8dtgQPmZd74L-B1WmGjP43J2m85qnbbuS__nXS8gGHs-5_g9RzwOKWZLNQKxi4XqXusT6adFBPAvU8L1w&sig=Cg0ArKJSzLAKAcCDiuKcEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame A72A 22 KB
9 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40614
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 08:59:33 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame A72A 3 KB
1 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 09:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38361
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 09:37:06 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A72A 0
0 48ms
47ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTAQqoUt6qkDfcRg-QfMjqeaWKkg-c1aqBcszlYVAXj8-tyZ2xM_UQgM-BdNgBs-8mMEWy8ZzzY7qs9bXqbdp8Rz9a6Rw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A72A 159 KB
49 KB 69ms
69ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:27 GMT

GET
H3 200 9145209961468413200
tpc.googlesyndication.com/simgad/ Frame A72A 89 KB
89 KB 50ms
49ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9145209961468413200

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304110101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb7ff7e94545aa1040e144c21c3a1a8de87c62f77e009dbd36ec6fba0855e0e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91608
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 21:43:51 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 14 Apr 2024 20:16:27 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame A049 170 KB
59 KB 167ms
40ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
Origin: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 09:09:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40016
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Apr 2023 09:09:31 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230412/r20110914/elements/html/ Frame A049 11 KB
4 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230412/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1352960/70224241/xbbe/creative/adj?p=APEucNUEnxclthYSwv2zNqzSHh_CbpzW096FUtfDt1bmn6IyO2bfHso&d=CokBAKAmf-DiQDcFi8Xdd4grUBgRqIgCIMR5SncJjGrGCmoX9YI_tLacWwSBb9m4TtTbX4Zfp2uoPdjSUAt8MkYo1zGzk-fXxTZiKC4q5Tj0Y9V68hvkqx7GQORbqVYKbd0jm9EKnMxI9IxRTi-eGm7Na18K9TVXHWfA6BWHJ5nLeZG2KkD132TAsgsSiRQAoCZ_4GlwmasX6Cs5HbxqeF6mS40HSTkS-TJaP8Sic9TsVAPNq_5fEy_Sz-oYDNsf2_L8YLu4lsvzsv5imADdhxzgoY2o92POJ-jIS1dzOVfBzJ66WqJIEL1O6RsH02BaVV8_jCPNtl8MW43jXUHG_3YujVwXPxgRCzyF-iEf6T7actKWczl95oBVhyYrIDvLcsXdl-KwXvhadeQG1YRcMYD_NH7ecAWkaa-l0L-ZJigmvJw5XntfvIRIhkaco1T5IRiOzXgV3ZI6LGBDlT5S0gfrRlEnTSwo4KYlEpySWZPCQQ0tDAmwIy3EESt1oF2Nl0YD266FcbhVIj-YcMXz303W39ItUsqdauNfX-7XBqhveAijRYWompejXg0coArJm8vhW1wk-vihD_jqXK7qsdTpxZg-3lvGbFePCB7KjiYQ79H9qhbNmRd8RUaqPTDAxNMGCDJzY57SDt0cv4EEdgzLgDJFB3jUhyJf696qKBt_YNqelqpqdr6FqRpOGWdwWmHGjica-IPEDQOe0WWggANeKh3M_xXmyM1zSzepgisrjttYbGFTRopZZH-PtRM9US-aXZj_kimrl2tH0VPo6oBTiVGn2u4B9P1O-TYEtyRGXP40j6-hOiq6lmOpIRpwEYyy3omPkro10z0SjW69Td8sicjwq_VK_l_9urp2IcnvaV34qUiAXBJsmyTpGcvT7gZDFVMMzP0trJ_-N0HeGs1lL-Ws0Xl0TIwD7WbcOxuNKg3DtJgp6I5IsmgF9SNtdIqCgdt9FWTIbX_nteHXo8Q26wVKCuUu02wfb3VIGpIh60dwpeDY9Hj92zkyiBQdSdVktyaCuayvXVvd-u0S-idnpef1m8Vf32W-7dnuFIe2-ul9zEN3Yxod4W_NMDDlXEL9IUi9DG7XF5qQFvWtTrR69FLtDxsDwVT_-_GhcfTUoYlULbSyprUFNR3MQLZ0WYoCfU4meMC9t7bMut58muotbwSSNU-aYy5LjtpzqToPh2eZFZO5wphfE5j5l-GDDbJsdWXSoa-PdUf4XCpPRM-QXC1glnCIOOHppKISIDZzS1H-ue3PF9gyl_u99H3_DcPahxmoeSbZFLtd7npmORSHIUoi4_oLLatFcNWnP2YtkGbbTQRJOywqe49HJJEz_vFfTD8wKNyIpwSgAreED29G1Eo4vqmuXA6WNEE5U24_9pedps-yOfiWIQ8ErKHxnuRWcAoxOCXD0LPzmPYkZFmvJoYshGViqFYzv-vCfcfptJy0y_eYqSXwgMc14xcdda0Hvl1g-sXjrLDB-7pduwHyRWGOdTAxz8rTkFAeJovRGj-wgCjVZYz0jiVZ8e1R_oPY7Gm0clQW__d-HQKGMYZx0mtjnOESCvV6B8OqIa57ItIyaso8wzTKC5JT44PZKDY8XP2xbCENXnEPayKofRyOsVPlQSpzvMaFbboARjufOlz5BNjczlbH8mtZGv5CssLOvfDu2DWqho-2fKN1yLcP_lzWPmkdq0CGbE2irEAkAC3T7SCIsfRV070PsC93uVPXqvxn_whZBsiYiC1naKilbk77Vry_A6Qi3YO4_SnUJvZjJkMTfMUAttC74lgWU8uk_KuwBrKXcp7u2Qmn0lrb8Xrkyle8Cj7aYuLRWt9-HuejH80xumk5P2Fq8JIDPjZMoeDzejgFDnXu2AVcW3I9weFRlSHsq3hoqBHt4xfWB8pIpXlQ_ImKTnwlCXvgmdPgbiP-r9822JrX9pJ2lsIw2sJ3ZYtzGgjcb9fmedrvs_Flt9IyH1OodjG9XEQF5w4-QS0IXEAE4XAkK2ATMiv2nDtOnueTgx-D5m49tUaSsh50PsrgpDPjcaBteJlMjcqrtCZbzm9Bb5XMxJO3YWJ83DGzsL2J1_2iEbWmXGiD6tWmtNqXTZNQ5za_-KYWCpuWMxoxiLeDflNU46Mbf7xc_l9JV4TiybfU9Rh3IhCZRGS_SmYa552aYTfWy1-rLMqMF27_jwDN--Krjm-PXUT7S5oXrUq3xzbGqsn5yIB6vcp3IVzv1pci4zqVTyx0ARUiMUAmieNCfkyq6RuICfD0i_AiwXOsErONNyXtW5GduyCumFRZgwSZ3zVet-iQbkOrXcteU61ggeZR1kIr104xgxRYNy0CzUr9tyeFwZBmjiWRPD6Qydk97G32b4xYNgIp6EV46THGilK7FUSyuYYvsW9WBWoRahqJYKJRz5F-o_hQlctp4UJ560x_CZm19Led79rNYcy0j2Izo-rszPIFwK9z4ixpMt5jzcy2up4bwmSTlMipOzsL6WESe3qp3ZZP5fa5ch1a-DZlrnuzGt9ZdHaeW7FK9SI9Z-x5PEKokcR4pt7GNqt_hZy_RZKmRD_LZF2I2bynYTRqwvt6SvlHItr7gQ4AbIRqfXrEtjqu-GpuQfpEYjVA89zTGvWJN0-GP2eBFiXdT7QrmOy-Oz-mAsQ0XObdLHyAeg_rSSc9Xg5Qio9RyUbnMTLhcoaQ-v4Pu9_h5YMMy7Ne3IEHyG6StIO5Ceias4vpqv94O4fNfSFnQ0HujEFz8SD3ogNhFPLXD7rzpR3-bYQOBoOd9AKHz9tP-qzNZ-0sEqPnqezxFhagG9ZZcoHsESqe3qBUPD9CBHzMAfwRJ18aZHC925UcpyG-ykt5R2pRnc2_L4e6hKYA3ivCq0QQfS77KRnLVSy8VTOZK3ley4c59QloBxtAcndbUt9gmM9fMJGqoWybcjYQJS8Gk19W_-gBznbopKjN7C2W9B0c5TYFHjCzZL3LgffPhaTqr2si1imO0JxX_WZM0MLmTULldrhXgEdqe6Dqn2LHFm_sQK39gkxP7goIOYKsgFSgM1_8Ru28aq8-M2uxfhqkJuCRJeaJuHhQSU5a_thoPQYgNRFOa5Ce8RICN33aRT7ytnhSes0bjkfQdXqvq1QIzMNF9wUpND0MbTTiBi55xeMv1oJkcB_mKxxwUWvhI1VszpUEKf1ZGBW2xyoOTS29VW93xYg3WtwiCa97Y6yVLZDxDsJFH5PVPn2UPTRJaSnLNM3aim0YvU9JaNnly-X5QETznDZMwnYbuQLr7xkdMbeuly85A6GVi9YVkhYLeylBB4HTCSVFkpv1kADBeBSGWTBtnp6Pom2MQyWY56PtnY-iq-G4NltXUc6zu6Xxw4IwHqQo5-8S5ewrWqIZlvEUqq5rKlW5o5eU2hDPxN2_RUx-qXc1GnjsbgP2dFY9vRHMPtFeVTSAs2vo8C6UmRgZFZ2UJgdkeLLy89L2C5D-Capf5TV768RnXD4Bm6pfimh5FUa0tLSEEcJmapw3kaAODhUVt3n0s7GYYS_mj3Vn-8OyOZoMnBPm84U6-0by28WFIcM0jhXUrLpJTnKO3oWv8EBMyeBMywfYP1jxAT-ssCsQ5JouZsn7onYeRYCKxte4GkEIBBI7AHKBCIOJnvSFXpZNRV8wZiTFe6YvBq1XYiPzNmwerPah4-79uZzLzuCfOD_SXxkU4B2QcHqnEhO572EYAWAB&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-4875329658179347&ias_chanId=1&ias_placementId=19774044633&bidurl=https://www.theatreinchicago.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0h2LvqD8voODyIs9jta41kw&adsafe_url=https%3A%2F%2Fwww.theatreinchicago.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fwww.theatreinchicago.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:a17ce71e-2a5f-d0fc-4266-3a4498606a66,c:9T2Uer,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-gnpmh,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tBwTndx+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a*.1352960-70224241%7C1a1%7C1b,idMap:1a*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,tt:rjss,et:20,oid:6665d62f-dbca-11ed-adf7-a242599692cc,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 19:33:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2604
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4123
x-xss-protection: 0
server: cafe
etag: 4541610132340792384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 19:33:03 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame A049 28 KB
11 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e6a2c48ddf656dd18431ca6f656e4d671a93141d2db4f304587d74280ecfbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 19:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2427
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11036
x-xss-protection: 0
server: cafe
etag: 7166013058933939784
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 19:36:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 40AA 624 B
242 B 197ms
79ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiM97DlATAB&v=APEucNViA84n7LGgy3Q2V-U9cNwScCMNb8oCubfFl4WZpwqzqCp0DYsSH3SRQUYuzsaHtSERyjwB_M0U4bN6b-gvqzhRUDHocGvclc2sPW-f9Tzx9jtazAnM_z-98VSXQ6TE1YhWibabVr6MP7dgx54zZjYpAOplgPn-NLhd0wr6iU4VGxqYz6Q

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 20:16:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 08B1 78 KB
27 KB 146ms
145ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:27 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 08B1 42 B
63 B 73ms
72ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C54oBBKP7iJH9_sN44PhQfHKeJhzk89VibQXqHGlecnJOM8ranAFcwUhBKc3cP-bOU-dAVa16gWUnXOj8Ghqf5AX7Z_QbBvC7tHNKRWZIhpTseWbY

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 08B1 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7981432910268369104&x=1&ct=76

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame 08B1 3 KB
1 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 09:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38361
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 09:37:06 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame 08B1 20 KB
8 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 18:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7877
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8509
x-xss-protection: 0
server: cafe
etag: 3034682829645713766
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 18:05:10 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 08B1 0
0 48ms
48ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRysiMY8W4En8Dc6C7kZwJgcf0zurzVQxYtIn396-u9M7jQAfQKJI4u9pzMJ02hZpa9mL_weTMBj83MG0myolVMxRKV5g
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 08B1 159 KB
49 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:27 GMT

GET
DATA 200
OK truncated
/ Frame A72A 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ba7c5156c3fc4ecd08edac8051c5bab56f31f5d7683589a06690d816fa7f58d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F617 1 KB
643 B 44ms
42ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54227
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 05:12:40 GMT
etag: 48472445140208031
expires: Sun, 16 Apr 2023 05:12:40 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame A049 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 12c22a019c4fb90c00f25247aaf50758466a76250cbb297ade30b0756fa072d0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A72A 0
0 75ms
75ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssMqpmRyx7PWPYBiEOlc0EFyNHUHmRi_f6BCJ_3dgMq7oDxgeHnlxDXiRXQTUkIgMjf4Px0sUSnU0xnnwNO66p_78NwffmpRcoAQqjcynLDlgpqHk1N8CI6vQ57QM-u1dkz7BBwLUjF7Izo2nUdXRR-SE4PjdoLQgHYdxeRZoss_-7LlGQPoqk8Tk1PR9Hc5xjN1qbUqCkQjZylZnziaQSHoY7jXF8xJq0cy2ychEZ5iQUp-2epPn56QjA6sLp2jMoW3biHQWVf3XoYbJaPIZAFNxmnne2ZRzYyIDzA_7lb1qwUCVgJSXRkChmygyGTm5pjpernHKNHBYvRFQ&sai=AMfl-YQ3hHsMn20RWsoakBkt543EfhkpZ1Y0SgJPkAmOnFgs_Yf9hDouZjOLjX40Jfcxsp2PEV1cWhWw2PNNxkp58-staPjmCOpxtFvoT9DWPQ2S6Ef19gWhUa3X8OfM9Q&sig=Cg0ArKJSzPnIs3Tl3SbLEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 20:16:27 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 08B1 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9352822125855&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 08B1 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9352822125855&version=m202301230201&ct=76&x=1&cor=7981432910268369000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 08B1 83 KB
35 KB 93ms
92ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AuR2BkuTUsuoY3dkhr1T3w3cnoNUfrB-VZ6gLaKF3TZtXum_fbnT4o7IhezwLi5rRtvXCKy5fSSuhdzH0ZQVuRCUXWmIYp3M9SmZSlSI5a2Nq1gVJzHldQE7OjgqRRjHY-L3J1ygO9Ut-0HLD_uBqQ_vCHlgnc0Wsva8zU8L8t4PAV4io&dbm_d=AKAmf-DGLmeipRpZX3iDQshu9qsuoYBgyT1t4TCPVh_BlGgfMrLpUA13_Jhkj7gaZfStZZM1GLUp-Wpy8aujpKCJC9Eyr18btaCpSKJG8MedUj0kK6FWgcLja6c1eC9QjPLCBH9Ec2g3aUn2x026utNwQAB_2bWJccN2ojvaQ_oCnUMX-JewyplNdSlM6GWl4fkvE1aTCxSOeJ707-DLg2uJtSQi3lC36iuDw1FcizLwf5-v55-L0HE32KSX7U4j1evt9X_8oellYcJaYO-zapP7NPcLy8yfqpygGTuZHaVPo24KI2lWjRqEGL8RAI42VfZkQ13oY1DKd352GWJY9BmG2FNN8QRnuWK0X1bksTxbFmqPrzP4RNZGX0oi2mCm4Sa6WB3orwAeVABWvFNN_peDHQW78gDqC2mZh3f-9meck8YblMBo512ip7ssFBAUqrmAgOEC4qvnDMnMkrroBehFCRS3DVqsjHP0FAGG8RAqUy6Flh7pyQ8PKlDk0FjsWM-GCCt1m_Wmoz-utoOqb6iO_NuwamsPABk7IBtvaso44NojpdC-ZnSPy9oHuHmCH7dFozGP87Ol9x7cfjZG8UIvmJoegpc8j77y94ZT4LR8X1RcVI3nDfjJFKZ5FiXBjS-EMDwrF61GhDJNwFAI_YvXo2PE-rc-etuLx9uakjNZvgJyB3m2AYXjAtalf_7hVFSJMquVjLg0K1M_L4vCJK-_AeR0yMFaD-bO8zdtV3egk0OG5SGsKMw7yswPBTHJqZNWQRGnM-lNjIyD1vXN709aVHACWl2WYd4IyTkC1-SExjJchg-ZVdUM9hx-AYo8H5NZCm5PglY5UecwMgLbFovXEOOcKPuqOK4p8hsOtW4adJ1ySvlHDU9JSilKrhqlAehfwPia9LuIe78_iaXM2-S8bK2uaA2yXEL2GBZnsxuSO6loS8LxG0iSRdhkuqsqKeC9YwXKtrbGpbeG6p2dMmLSqaaB5qiD26LZF1ArmL7W-6fSYH55I4k5nar7YoD119VwudhETquuTzge4GVNL2FoZBW4901Dl_Yio5IcG3-SJeQ1Gz-CpGqi8w_21EGXhnojN8k_0ADhwHuI6WibZzFkXRE3B-1kRTBfv1eOAuUUeSu5RakGlpbLMSAmxnhKzDBrlKBwA1-t4NM19cpKS4tm2WLpp_hs13uX_adUeR2xBP6X4JAWt9oq29LRB9JY4kbPMtRdERtxKoE5TIKmPN31GPfAVgerwvivramvbq3pO20MURY_oKukeEvvJ9qzZsxV1fgBUjQKHq9jghJVEnAGFYhTRwG-eYNVW1WogMpIFT7VBVU3XJ3np5eNSogWj0myVxPOmxrM8IeRyV7XA1n8-OIwMBqUxaOfB_JRYxKRNTQv_etW_LDHdPP9ob29EQzmTyRV8MSIZZx1LjlbDvorziaDOQewSk6qlwT5_OJH5NIT6olKLfhaeP2tn9w9yr1_zGeaA3PIYLHUeA-8EHGErwGgYyVGQYgnvtiE4HmrLRMj-iwz5Kqc8YXMdu8RM-0npvW-366QrdIM_OJj-fOldC3u6OfMDyixRkqXojs4QnK0yI_YIMFzLjbLDGVFTVvlssr0ZBR3-gMEg1hHUOlahfRQJdTVthgUOVsmXAV7TDcqVnmYdM-USIA5MFita2FZRbXpRY5IiVVJfNezFwQvi846ywuQ0Jp7mXf5x9XhgcUC0zO0xnCJB2UWDFkfwhbnnd4QBpTOqUrrkQGbB_ad5NxIJ4Q31Jx56Rx1BI-zQwcPPGn0xu-wSHqdJKeJI4cDuqZP0_gPNfu7-4fk9Rvj3a4HFueYjpQ8IaoEtIs1WCDqJny192KyvkZ55jF0TjdHnygrCREkr4LLUr_cgOtOchK-ctlL9Hfo1ZSnmFNEzXHWIrbS01OK9ikiIP6g1P1CkqHIWot7gRRNxD7m_l0bKaPcPeJAw2WSrg_tjWJtoAnEP4vVv3hWkpqWXixCGne05L8BzqIqzYMsFl8hhCbfJF5GijtULycMJ9ltj916GKakWlx-zuDP1HgKFIznRlV-vlkN0CJ0EvrIJ77uh3c0SreVzVGerV5jy6kDutmKKK27SSLQVp8GgFN4yd_fjv7JA9O6ZXCvVXXpU6fbcmYQa0lzGGbgcSxXn5GWa26BaYDVkzDmgiO_cg3-88QV5PqB9K6-ePOP8rmnqG1psDdpI0uaYPtNFq0QoD0lu3MiCHUeVWgesZxgeV2WkGHlmnUQuxlVQBPH5v2xXF0CTIy4o5YRhvY-nd4_uLVTpcdQmwR9hwRSV83mvhmRIcZikvG4AikS4TjzHFTCVzBBuSSLbGDprDw28oFquDd1mBpR3njMCdzLpJo1eyjuMKDTOjkYKOSXGaKCFsQu3zrd1Y2TSORYxSpM_q4qIg-j08RJhIMNqPJlza1XvjQT5C_gZcoIPmyAwpTMrmSo9mnDurtQKm2Q5ep7KzppaIk_MySVYJfgm7kg5QyMItwJsg8b1St14aZ5he301zHXTM52kqauXziSNwRVibA_er70y1u3WqIQ46T6YyaCplRw4VxCJ8HC2AV4_2Nu-8Bhpd84qYQQBOgAn9Wp17dmZ6PKnR4TVy6d6XIOxGF3k8HTbi4S7hhTRwsd_MVLF8EQf45-t6-i21ID_-d01Jn5kRyiY5cFNJlCMzZgGijgxsrOltgjBtJwTqOQlDIC6eh7ezHyObDwvHC78s8PJhhB7k6MsWg3PZ_lXtaZrn4lMvSvOCkN_20gpYQDSHi2G87bdM1N7mGjU9dcU0cXAUHytVWFXtx8fCp4yRjIWwbJ_EFxoWRxEuUGNDyu05MwtfBU_9R70ZP_6RxHb5zzi6CxPQw99kPnFKwnPFhWUWqzV4YC6-h-Km5qcwADHX929_55KFbpxiJ4fl_aoAiV6NUp0c5AbfslbeyY-uxx3qQrh5aQpJotkA27VDWNqeq6CJPm_g3m0t9H2mgRS7ZVqfPJYDICICCY1KhtMepH_3B8_9YzrUkmgkYf2_buwi7tzeg-pCGLavwRgHCu-EoMg2aJv2tovl2Kh8S3Xatnjp0J6yxJYVzliB2KmMx1cNj8v8RbgN8jdN8uExFUbaYsYeOtYUCBLSvpyw5DayQVGil9AzmzAUCYhp_Byefwf2cXimvukdiLxlGzjQY5qtyC9qTE5C_xEOrL-DTO3NF-LHqo8pic1m0TsfeeYIrgM9gx0zb-Za6HJS3u_oBZHDf8dZibXwGKeSbhcUzEBsWgCOmmdySEBy-GgHLXDSYFR2iR&cid=CAQSPABygQiDNZIuaopFcnyH9PLyb4hFEFD-pmXpSuBA38Mdc8c3qe6NWXn2N1urDmvQ7wrqGtZmcYy9eEBB-hgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.theatreinchicago.com%2F&ds=l&xdt=1&iif=1&cor=7981432910268369000&adk=943508955&idt=162&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad9cb56af4d809320d036a1c181d53c485ec78a6b619e2c532f29eeb05f2f7cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36147
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame F617 35 B
464 B 179ms
41ms Image
image/gif 2620:116:800d:21:5ed4:8d5d:fed7:f5ef
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDb5QlTxy2kjMgj67FOPyw8&google_cver=1&google_push=Aer7DvJ9V6FtfaNcMQEQgvhY-jKzpRu4kR2Q-9PMWwejdSYrP8dL8I8TFe1K_XmDvgvrf7nN4tdv9Ogz3akYVylkgS_loiPrPPZok0M

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame F617 0
104 B 217ms
82ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEBqquoQ2dXiZ4hTYi626xwM&google_cver=1&google_push=Aer7DvIEIR51kCRuY0ti4nGVnA2ACN3auft4I-FjMzEuZKyi_G4EP6xtP6W6lS6PxkR3b2ZmbjME6Wv5eNjlkhB9WEH_LQCKFzc-Yw
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F617
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESENU3yk1xkCLwe1bZBTq7FCU&google_push=Aer7DvKTm276KrES6LtRsYJtbcIniUagrhM-bMzk6T_gP9CM7DCKQQkKya...

170 B
188 B

55ms
54ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESENU3yk1xkCLwe1bZBTq7FCU&google_push=Aer7DvKTm276KrES6LtRsYJtbcIniUagrhM-bMzk6T_gP9CM7DCKQQkKyaAqiZzzUfu3D6GVQOPk_VPaeBZEjS-FlRCc1PsfYaf7WBk

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220033-HHN
pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1681589788.619457,VS0,VE93
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESENU3yk1xkCLwe1bZBTq7FCU&google_push=Aer7DvKTm276KrES6LtRsYJtbcIniUagrhM-bMzk6T_gP9CM7DCKQQkKyaAqiZzzUfu3D6GVQOPk_VPaeBZEjS-FlRCc1PsfYaf7WBk
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F617
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEAsAQm9pGzFTPONUoqLPf1Q&google_cver=1&google_push=Aer7DvK5fGD-EizG-Vleiu4JwpKeG4cGcQc40iJloF_LeeiqQYln43J3Nw3gdQ_NNY2-ehSTtopgM6hoZ8y6JTfGfHUokN2dSds23Bw
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=949C3ED6ACF848988517DA61DF7B0D84&google_push=Aer7DvK5fGD-EizG-Vleiu4JwpKeG4cGcQc40iJloF_LeeiqQYln43J3Nw3gdQ_NNY2-ehSTtopgM6hoZ8y6JTf...

170 B
188 B

53ms
52ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=949C3ED6ACF848988517DA61DF7B0D84&google_push=Aer7DvK5fGD-EizG-Vleiu4JwpKeG4cGcQc40iJloF_LeeiqQYln43J3Nw3gdQ_NNY2-ehSTtopgM6hoZ8y6JTfGfHUokN2dSds23Bw

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 15 Apr 2023 20:16:27 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=949C3ED6ACF848988517DA61DF7B0D84&google_push=Aer7DvK5fGD-EizG-Vleiu4JwpKeG4cGcQc40iJloF_LeeiqQYln43J3Nw3gdQ_NNY2-ehSTtopgM6hoZ8y6JTfGfHUokN2dSds23Bw
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 14 Apr 2023 20:16:27 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame F617 0
191 B 143ms
41ms Image
text/plain 98.98.134.243
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEKiyYDR9T_7JbIkeDGxiv3I&google_cver=1&google_push=Aer7DvJoagJTtNmPY51_fgm3e9ZO4hKgM7MWrzCXOS0BgtZ_FCi_6Dk4qOGKN_LGQbRT1qkpG24Tzz4h-qyNYcfmC945TaZtDpDubPI
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.243 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Sat, 15 Apr 2023 20:16:26 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F617
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEHL1HsmYbPRlr1I_hVyrr34&google_cver=1&google_push=Aer7DvIxI9a6DKcFALK-WGkaW8VeMpqw3ynRmugdikD46p3WFFLB_xGXZ2Mw2En6LO_36YQONSlZY8pzaovm...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvIxI9a6DKcFALK-WGkaW8VeMpqw3ynRmugdikD46p3WFFLB_xGXZ2Mw2En6LO_36YQONSlZY8pzaovmMfnaSJoPLjN_xUSlFYI

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvIxI9a6DKcFALK-WGkaW8VeMpqw3ynRmugdikD46p3WFFLB_xGXZ2Mw2En6LO_36YQONSlZY8pzaovmMfnaSJoPLjN_xUSlFYI

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aer7DvIxI9a6DKcFALK-WGkaW8VeMpqw3ynRmugdikD46p3WFFLB_xGXZ2Mw2En6LO_36YQONSlZY8pzaovmMfnaSJoPLjN_xUSlFYI
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

report
sync.teads.tv/um/ Frame F617
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEPNxgf6teVXeOnOsXBdQD6I&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aer7DvKYUkpzc9xyNBdovpirQduEqDXcQbtChiTOut45CyfUbWphql2TIOYpeU71DpBqaFd5TPLXsg1TOAUzj7iXiojIB2NIm02Bh_Hx
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

64ms
64ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

expires: Sat, 15 Apr 2023 20:16:27 GMT
pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame F617 0
12 B 49ms
48ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LhHRNGaqxA_S-uQkMZhbjYg84jMeDJePXnZrztyyeMDDPrF29TLZdIux8QfYI9wUao6k1fMQ

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 40AA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHVPYEjnX3-4tFCji7G9qeA&google_cver=1

43 B
766 B

41ms
40ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHVPYEjnX3-4tFCji7G9qeA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiM97DlATAB&v=APEucNViA84n7LGgy3Q2V-U9cNwScCMNb8oCubfFl4WZpwqzqCp0DYsSH3SRQUYuzsaHtSERyjwB_M0U4bN6b-gvqzhRUDHocGvclc2sPW-f9Tzx9jtazAnM_z-98VSXQ6TE1YhWibabVr6MP7dgx54zZjYpAOplgPn-NLhd0wr6iU4VGxqYz6Q
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Apr 2023 20:16:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHVPYEjnX3-4tFCji7G9qeA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 40AA
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZDsGGgf6ZEzm1PFOOqEfGAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHVPYEjnX3-4tFCji7G9qeA&google_cver=1

43 B
766 B

40ms
40ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHVPYEjnX3-4tFCji7G9qeA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiM97DlATAB&v=APEucNViA84n7LGgy3Q2V-U9cNwScCMNb8oCubfFl4WZpwqzqCp0DYsSH3SRQUYuzsaHtSERyjwB_M0U4bN6b-gvqzhRUDHocGvclc2sPW-f9Tzx9jtazAnM_z-98VSXQ6TE1YhWibabVr6MP7dgx54zZjYpAOplgPn-NLhd0wr6iU4VGxqYz6Q
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Apr 2023 20:16:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=494
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHVPYEjnX3-4tFCji7G9qeA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 40AA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIMMl_8Fj8q9-7MW3RnrC0M&google_cver=1

43 B
1 KB

48ms
47ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIMMl_8Fj8q9-7MW3RnrC0M&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiM97DlATAB&v=APEucNViA84n7LGgy3Q2V-U9cNwScCMNb8oCubfFl4WZpwqzqCp0DYsSH3SRQUYuzsaHtSERyjwB_M0U4bN6b-gvqzhRUDHocGvclc2sPW-f9Tzx9jtazAnM_z-98VSXQ6TE1YhWibabVr6MP7dgx54zZjYpAOplgPn-NLhd0wr6iU4VGxqYz6Q

Protocol

HTTP/1.1

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Apr 2023 20:16:27 GMT
AN-X-Request-Uuid: cf5eb2a0-9c22-492a-8d66-86b845dab14e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.102; 80.255.7.102; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIMMl_8Fj8q9-7MW3RnrC0M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 40AA
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyNDI5Mzc2NTQ4NjE0MDY5Nw%3D%3D

170 B
188 B

52ms
51ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyNDI5Mzc2NTQ4NjE0MDY5Nw%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 15 Apr 2023 20:16:27 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.102; 80.255.7.102; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0c64687a-454f-48b8-b2d5-36db2552e0a2
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyNDI5Mzc2NTQ4NjE0MDY5Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/14981401267596077774/ Frame E1A3 1 KB
767 B 131ms
49ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 20:16:27 GMT
expires: Sun, 14 Apr 2024 20:16:27 GMT
last-modified: Tue, 25 Oct 2022 17:10:58 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A049 0
0 179ms
77ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvmMb90bZrIp8SKgFTHeaI5Gq_HYZWHnXjssvWra45kRXl7ebauggKk1QgOEe-xjDAIuTjA_Ou1fALzjoEzP4jx7iqCKfCueuspUiUBA_RUu6rUZitrjAWRCegF2q8sAxCUJgmTdGnH6nvSX5A2rTfpendZAGQ3KAzXb5h0A7MS0Js6yw&sai=AMfl-YRQg_2VsDu2pErmSwIQJIHFiaRp91simnu-1mQqngnHkPYXPsL7qlvBqcu6SdyivFGUV0uSfUfqqjdYRLDXoFI_KVpzs8MNvmUVc4ediqKMxsXV-zlVP_MltjZarg&sig=Cg0ArKJSzDN7jVTPBsRoEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=252&cbvp=1&cstd=246&cisv=r20230412.02851&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 20:16:27 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame A049 43 B
1 KB 201ms
56ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26915561&extCr=180662177&extPm=361577811&gdpr_consent=&gdpr=

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.91 Kamp-Lintfort, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Sat, 15 Apr 2023 20:16:27 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Sa, 15 Apr 2023 08:16:27 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 08B1 170 KB
59 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
Origin: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 09:09:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40016
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Apr 2023 09:09:31 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230412/r20110914/elements/html/ Frame 08B1 11 KB
4 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230412/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AuR2BkuTUsuoY3dkhr1T3w3cnoNUfrB-VZ6gLaKF3TZtXum_fbnT4o7IhezwLi5rRtvXCKy5fSSuhdzH0ZQVuRCUXWmIYp3M9SmZSlSI5a2Nq1gVJzHldQE7OjgqRRjHY-L3J1ygO9Ut-0HLD_uBqQ_vCHlgnc0Wsva8zU8L8t4PAV4io&dbm_d=AKAmf-DGLmeipRpZX3iDQshu9qsuoYBgyT1t4TCPVh_BlGgfMrLpUA13_Jhkj7gaZfStZZM1GLUp-Wpy8aujpKCJC9Eyr18btaCpSKJG8MedUj0kK6FWgcLja6c1eC9QjPLCBH9Ec2g3aUn2x026utNwQAB_2bWJccN2ojvaQ_oCnUMX-JewyplNdSlM6GWl4fkvE1aTCxSOeJ707-DLg2uJtSQi3lC36iuDw1FcizLwf5-v55-L0HE32KSX7U4j1evt9X_8oellYcJaYO-zapP7NPcLy8yfqpygGTuZHaVPo24KI2lWjRqEGL8RAI42VfZkQ13oY1DKd352GWJY9BmG2FNN8QRnuWK0X1bksTxbFmqPrzP4RNZGX0oi2mCm4Sa6WB3orwAeVABWvFNN_peDHQW78gDqC2mZh3f-9meck8YblMBo512ip7ssFBAUqrmAgOEC4qvnDMnMkrroBehFCRS3DVqsjHP0FAGG8RAqUy6Flh7pyQ8PKlDk0FjsWM-GCCt1m_Wmoz-utoOqb6iO_NuwamsPABk7IBtvaso44NojpdC-ZnSPy9oHuHmCH7dFozGP87Ol9x7cfjZG8UIvmJoegpc8j77y94ZT4LR8X1RcVI3nDfjJFKZ5FiXBjS-EMDwrF61GhDJNwFAI_YvXo2PE-rc-etuLx9uakjNZvgJyB3m2AYXjAtalf_7hVFSJMquVjLg0K1M_L4vCJK-_AeR0yMFaD-bO8zdtV3egk0OG5SGsKMw7yswPBTHJqZNWQRGnM-lNjIyD1vXN709aVHACWl2WYd4IyTkC1-SExjJchg-ZVdUM9hx-AYo8H5NZCm5PglY5UecwMgLbFovXEOOcKPuqOK4p8hsOtW4adJ1ySvlHDU9JSilKrhqlAehfwPia9LuIe78_iaXM2-S8bK2uaA2yXEL2GBZnsxuSO6loS8LxG0iSRdhkuqsqKeC9YwXKtrbGpbeG6p2dMmLSqaaB5qiD26LZF1ArmL7W-6fSYH55I4k5nar7YoD119VwudhETquuTzge4GVNL2FoZBW4901Dl_Yio5IcG3-SJeQ1Gz-CpGqi8w_21EGXhnojN8k_0ADhwHuI6WibZzFkXRE3B-1kRTBfv1eOAuUUeSu5RakGlpbLMSAmxnhKzDBrlKBwA1-t4NM19cpKS4tm2WLpp_hs13uX_adUeR2xBP6X4JAWt9oq29LRB9JY4kbPMtRdERtxKoE5TIKmPN31GPfAVgerwvivramvbq3pO20MURY_oKukeEvvJ9qzZsxV1fgBUjQKHq9jghJVEnAGFYhTRwG-eYNVW1WogMpIFT7VBVU3XJ3np5eNSogWj0myVxPOmxrM8IeRyV7XA1n8-OIwMBqUxaOfB_JRYxKRNTQv_etW_LDHdPP9ob29EQzmTyRV8MSIZZx1LjlbDvorziaDOQewSk6qlwT5_OJH5NIT6olKLfhaeP2tn9w9yr1_zGeaA3PIYLHUeA-8EHGErwGgYyVGQYgnvtiE4HmrLRMj-iwz5Kqc8YXMdu8RM-0npvW-366QrdIM_OJj-fOldC3u6OfMDyixRkqXojs4QnK0yI_YIMFzLjbLDGVFTVvlssr0ZBR3-gMEg1hHUOlahfRQJdTVthgUOVsmXAV7TDcqVnmYdM-USIA5MFita2FZRbXpRY5IiVVJfNezFwQvi846ywuQ0Jp7mXf5x9XhgcUC0zO0xnCJB2UWDFkfwhbnnd4QBpTOqUrrkQGbB_ad5NxIJ4Q31Jx56Rx1BI-zQwcPPGn0xu-wSHqdJKeJI4cDuqZP0_gPNfu7-4fk9Rvj3a4HFueYjpQ8IaoEtIs1WCDqJny192KyvkZ55jF0TjdHnygrCREkr4LLUr_cgOtOchK-ctlL9Hfo1ZSnmFNEzXHWIrbS01OK9ikiIP6g1P1CkqHIWot7gRRNxD7m_l0bKaPcPeJAw2WSrg_tjWJtoAnEP4vVv3hWkpqWXixCGne05L8BzqIqzYMsFl8hhCbfJF5GijtULycMJ9ltj916GKakWlx-zuDP1HgKFIznRlV-vlkN0CJ0EvrIJ77uh3c0SreVzVGerV5jy6kDutmKKK27SSLQVp8GgFN4yd_fjv7JA9O6ZXCvVXXpU6fbcmYQa0lzGGbgcSxXn5GWa26BaYDVkzDmgiO_cg3-88QV5PqB9K6-ePOP8rmnqG1psDdpI0uaYPtNFq0QoD0lu3MiCHUeVWgesZxgeV2WkGHlmnUQuxlVQBPH5v2xXF0CTIy4o5YRhvY-nd4_uLVTpcdQmwR9hwRSV83mvhmRIcZikvG4AikS4TjzHFTCVzBBuSSLbGDprDw28oFquDd1mBpR3njMCdzLpJo1eyjuMKDTOjkYKOSXGaKCFsQu3zrd1Y2TSORYxSpM_q4qIg-j08RJhIMNqPJlza1XvjQT5C_gZcoIPmyAwpTMrmSo9mnDurtQKm2Q5ep7KzppaIk_MySVYJfgm7kg5QyMItwJsg8b1St14aZ5he301zHXTM52kqauXziSNwRVibA_er70y1u3WqIQ46T6YyaCplRw4VxCJ8HC2AV4_2Nu-8Bhpd84qYQQBOgAn9Wp17dmZ6PKnR4TVy6d6XIOxGF3k8HTbi4S7hhTRwsd_MVLF8EQf45-t6-i21ID_-d01Jn5kRyiY5cFNJlCMzZgGijgxsrOltgjBtJwTqOQlDIC6eh7ezHyObDwvHC78s8PJhhB7k6MsWg3PZ_lXtaZrn4lMvSvOCkN_20gpYQDSHi2G87bdM1N7mGjU9dcU0cXAUHytVWFXtx8fCp4yRjIWwbJ_EFxoWRxEuUGNDyu05MwtfBU_9R70ZP_6RxHb5zzi6CxPQw99kPnFKwnPFhWUWqzV4YC6-h-Km5qcwADHX929_55KFbpxiJ4fl_aoAiV6NUp0c5AbfslbeyY-uxx3qQrh5aQpJotkA27VDWNqeq6CJPm_g3m0t9H2mgRS7ZVqfPJYDICICCY1KhtMepH_3B8_9YzrUkmgkYf2_buwi7tzeg-pCGLavwRgHCu-EoMg2aJv2tovl2Kh8S3Xatnjp0J6yxJYVzliB2KmMx1cNj8v8RbgN8jdN8uExFUbaYsYeOtYUCBLSvpyw5DayQVGil9AzmzAUCYhp_Byefwf2cXimvukdiLxlGzjQY5qtyC9qTE5C_xEOrL-DTO3NF-LHqo8pic1m0TsfeeYIrgM9gx0zb-Za6HJS3u_oBZHDf8dZibXwGKeSbhcUzEBsWgCOmmdySEBy-GgHLXDSYFR2iR&cid=CAQSPABygQiDNZIuaopFcnyH9PLyb4hFEFD-pmXpSuBA38Mdc8c3qe6NWXn2N1urDmvQ7wrqGtZmcYy9eEBB-hgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.theatreinchicago.com%2F&ds=l&xdt=1&iif=1&cor=7981432910268369000&adk=943508955&idt=162&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 19:33:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2604
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4123
x-xss-protection: 0
server: cafe
etag: 4541610132340792384
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 19:33:03 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame 08B1 28 KB
11 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e6a2c48ddf656dd18431ca6f656e4d671a93141d2db4f304587d74280ecfbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 19:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2427
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11036
x-xss-protection: 0
server: cafe
etag: 7166013058933939784
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Apr 2023 19:36:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 08B1 41 KB
15 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 18:12:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 93837
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Apr 2024 18:12:30 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CB24 1 KB
643 B 46ms
46ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54227
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 05:12:40 GMT
etag: 48472445140208031
expires: Sun, 16 Apr 2023 05:12:40 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 08B1 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d905d34251ea961340ee754c1b4e01ae2d25f350b42152830067568abc10ad8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7493198391404092334/ Frame B93C 13 KB
3 KB 50ms
49ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c6d900511c502a6d0b97a298ecab07040eb48a8756ec785beddb35006825f0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2701
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 20:16:27 GMT
expires: Sun, 14 Apr 2024 20:16:27 GMT
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 08B1 0
0 87ms
87ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv0Phy-EdcFNIzN_FsWLd2I8z_c9o0m2gMXPcmQxRbTsrJokiUIwuTYirD0ImURlUb8_ysjZWI7q7d75-z31kD2Tuuhmm21Nbk8NDfdUrdcCoE0VqK3fUc3UHsEC54_un0s3nWPvFMzcWqMxkW0iO8OOL7OHxBWF-67sNYCopTzGhnmYQrVjzGkB2AI4RNyy70mMEmpjmkaDbiPhsew3tFlpbiD0Lhe7-pS8zjbu06Iqm_eBPN5HkQaUkBfaX1_ddQm_73dwzT3-yrSo5DaSJG4Ojh62gxmOMXyJgaeadKPg1Uv8iQCZAaKZhF5XIecxguOe1w-XTaQkWqh3A7BdsVZg_baioBtS_2ZxAt9hTQEeNIKZBaFol7fDrj-s_NouABteOUaQu4B5Nr3-6YFUf_XhvMYx1OvKDGf-M0mjGj4t-us0XC_Gz1sErygrWiNr5yyDmCk0GwpLkP3SfKyQ2yLCdP761L49jpQxOt8Xkgu8i-WgaS1P3miPX_Rzr36Vdwpu0sc7N1DTjg5rrn8zCI2ltu_FB7ZpRapSDeLoVEnrj-TwUf-mF_cNVExfYhGnZcbybl3bGEomLH2CkhIVKnHjLpVdeC58bC3h5ZEI6VLJhGe3bj9gcqpK8gwZH55GD0HJsFpweJLUNWoLGiD21dMNZWZguE_Eze5dikRgDhk2ifBM1mByNyRvDIlJmZZKObcqUQQugjEzcEe55ZILV7Bsgp4VKg33K9wDDYSJ40DUOvWKbAOGJqkAnq9tTDxfMmzJPNbzL4BfrpM_XwRn7g3tjrLASoez78nHGWdHHibLvebkgnGq1ljFJQrAQYJuWTqjsdCTfNJvzmX1MCXh6aFx56IyhxIzK9sONoIiAQEqNceM0Vx2YGLl29b7WqzYO9GFXiZ4JscWgVu_VvEUo9TLAxj1OSQVAXHplH1fsw1O1IP3X15lz6cyP6sc5EPRyRBc8gA5nJJWiJtUVE6CRUM2x8SdZbizs39gpxoVT6zKOyTs9lV0gYF8Jk3z8vHVPc2m7dWOIerUqwBwvKL29PgwOrVn8MIrK4pgaTNZ42llInBm6RzdsDnWMmsf8UjcG-dBvtRs_7UT-IWWsMtGZatF4tCAjx7wMqK9unCG1coGZ9SNrS3BlSk9EDnPjJKCfHGxEMbGONQW6BoQzlIqwofsfORUBMht0g9AuvcfbTfJR5C4gkuTxESb96dsxI5iG1T4XgnllBhY1hwkAP4ywG2Wf482tSyGI2rwynNBQP-9iBpMoVdXwogVCxihga6fAzWQ7RfS_wDCm_ny-X0_4AyPdpKzs9gCgU&sai=AMfl-YTo41gdGLAJI4Ji7lDoHpxFkUpzrQHjufTbijnVSCNlpbVSqrBmQv-3merS_8fASQcTOGgIAyMYSYEtGDs3GSyYCgfyx_oV5ew72PQX284OfRo6WPqWfmS_ys9yB5STC6iAWjLH7xGuahnaZuvbNMR4ZwPH-dGkwY9ftlJpnk-jbeOcJn2FayQ0ruOz5ZVjpAD6n6WNZb84KM4Vpmhhz6rmyhshCVnM3nFtFskNgc8VaP7n-lAyGsHqQUU5UBMk8QEA7utkelBWmtV8EBsZazs8zN1r7qnp&sig=Cg0ArKJSzEkevGJtZmVbEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=85&cbvp=1&cstd=81&cisv=r20230412.30386&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 15 Apr 2023 20:16:27 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame E1A3 113 KB
38 KB 74ms
73ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Apr 2023 20:16:27 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame E1A3 118 KB
40 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 20:35:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85250
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Apr 2023 20:35:37 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7A4D 22 KB
8 KB 40ms
39ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 93801
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 14 Apr 2023 18:13:06 GMT
expires: Sat, 13 Apr 2024 18:13:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB24
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEM0MHuK17e4XYcqJiXENCPw&google_cver=1&google_push=Aer7DvIsO3U3d8lnE7b9yLOXCqgVT_qD2p0le-hmwcAqo1wDoLlJT5ejY3iZKCWKpFPrW1euEdSp8EXGTBZZyytQ...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvIsO3U3d8lnE7b9yLOXCqgVT_qD2p0le-hmwcAqo1wDoLlJT5ejY3iZKCWKpFPrW1euEdSp8EXGTBZZyytQOillc_29YQm-noBtV67rw2CKriUqk5...

170 B
188 B

51ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvIsO3U3d8lnE7b9yLOXCqgVT_qD2p0le-hmwcAqo1wDoLlJT5ejY3iZKCWKpFPrW1euEdSp8EXGTBZZyytQOillc_29YQm-noBtV67rw2CKriUqk5xnOnNUnsVQMRNjJtqrxuG7KgTaTA

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 15 Apr 2023 20:16:27 GMT
Server: MT3 796 58fb543 master cdg-pixel-x15 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aer7DvIsO3U3d8lnE7b9yLOXCqgVT_qD2p0le-hmwcAqo1wDoLlJT5ejY3iZKCWKpFPrW1euEdSp8EXGTBZZyytQOillc_29YQm-noBtV67rw2CKriUqk5xnOnNUnsVQMRNjJtqrxuG7KgTaTA
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 15 Apr 2023 20:16:26 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame CB24
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFDxnK8CWrduIHldjqjJuIM&google_cver=1&google_push=Aer7DvI1cq0jXEmtDP9dPSOpkaN_C0ySdYmoZxhJWR6Ntor98bOsYAeFNy1kQiFpCCT_m1suNS1kDWHvEBfROzjX0-rlIUfq_9NQy...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFDxnK8CWrduIHldjqjJuIM&google_cver=1&google_push=Aer7DvI1cq0jXEmtDP9dPSOpkaN_C0ySdYmoZxhJWR6Ntor98bOsYAeFNy1kQiFpCCT_m1suNS1kDWHvEBfROzjX0-rlIUfq_9N...

43 B
422 B

198ms
197ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFDxnK8CWrduIHldjqjJuIM&google_cver=1&google_push=Aer7DvI1cq0jXEmtDP9dPSOpkaN_C0ySdYmoZxhJWR6Ntor98bOsYAeFNy1kQiFpCCT_m1suNS1kDWHvEBfROzjX0-rlIUfq_9NQyWGOpO7fi6-2PHQHVEiuDDlvsQZxC3eeiRN1mLCMz9fehA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAer7DvI1cq0jXEmtDP9dPSOpkaN_C0ySdYmoZxhJWR6Ntor98bOsYAeFNy1kQiFpCCT_m1suNS1kDWHvEBfROzjX0-rlIUfq_9NQyWGOpO7fi6-2PHQHVEiuDDlvsQZxC3eeiRN1mLCMz9fehA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:28 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7b86ddcf6baabba1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:28 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 1190
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFDxnK8CWrduIHldjqjJuIM&google_cver=1&google_push=Aer7DvI1cq0jXEmtDP9dPSOpkaN_C0ySdYmoZxhJWR6Ntor98bOsYAeFNy1kQiFpCCT_m1suNS1kDWHvEBfROzjX0-rlIUfq_9NQyWGOpO7fi6-2PHQHVEiuDDlvsQZxC3eeiRN1mLCMz9fehA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAer7DvI1cq0jXEmtDP9dPSOpkaN_C0ySdYmoZxhJWR6Ntor98bOsYAeFNy1kQiFpCCT_m1suNS1kDWHvEBfROzjX0-rlIUfq_9NQyWGOpO7fi6-2PHQHVEiuDDlvsQZxC3eeiRN1mLCMz9fehA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7b86ddcdf918bba1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB24
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBaswXI1Q9nDFsXtynu6vQ4&google_push=Aer7DvKfrWZ_Ly5tpv3IbVjdy_Tt488YrMIDmi5N2e2bJoJ5a7gg1WalgI...

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBaswXI1Q9nDFsXtynu6vQ4&google_push=Aer7DvKfrWZ_Ly5tpv3IbVjdy_Tt488YrMIDmi5N2e2bJoJ5a7gg1WalgI_cTwvjDKskQcUJAXJIh6mSSpWIEn5qnf_vaHSK0uvuyw_-xy9zHORn06UFvc-ejbsFsqMCixxwCBVVGBEH0t_qqA

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220033-HHN
pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1681589788.751063,VS0,VE93
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBaswXI1Q9nDFsXtynu6vQ4&google_push=Aer7DvKfrWZ_Ly5tpv3IbVjdy_Tt488YrMIDmi5N2e2bJoJ5a7gg1WalgI_cTwvjDKskQcUJAXJIh6mSSpWIEn5qnf_vaHSK0uvuyw_-xy9zHORn06UFvc-ejbsFsqMCixxwCBVVGBEH0t_qqA
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB24
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEGsRfEsFxZqKBgY81__ukHM&google_cver=1&google_push=Aer7DvI19Zbv0eGk3wu85QhQU38VI2LwcEQlMCvdtDNjfhbKOmU8gTLNCMkI1DYa2xNxh7zf2OjszDXM_LiLvqvp...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=m9TsvUjHQ-yQWLKO3_el3w2&google_push=Aer7DvI19Zbv0eGk3wu85QhQU38VI2LwcEQlMCvdtDNjfhbKOmU8gTLNCMkI1DYa2xNxh7zf2OjszDXM_LiLvqvpqohA6jnAqsgEKD...

170 B
188 B

51ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=m9TsvUjHQ-yQWLKO3_el3w2&google_push=Aer7DvI19Zbv0eGk3wu85QhQU38VI2LwcEQlMCvdtDNjfhbKOmU8gTLNCMkI1DYa2xNxh7zf2OjszDXM_LiLvqvpqohA6jnAqsgEKDYaLFFBWkLTrJGM7scWPAXePOy0r8tqTskbJN0H4amj

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 15 Apr 2023 20:16:27 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=m9TsvUjHQ-yQWLKO3_el3w2&google_push=Aer7DvI19Zbv0eGk3wu85QhQU38VI2LwcEQlMCvdtDNjfhbKOmU8gTLNCMkI1DYa2xNxh7zf2OjszDXM_LiLvqvpqohA6jnAqsgEKDYaLFFBWkLTrJGM7scWPAXePOy0r8tqTskbJN0H4amj
x-host: tde-deliveryengine-production-64c8469d98-4xg9r
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame CB24 43 B
350 B 140ms
48ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESELIGynZGo77VZX7Nx6fr-Y4&google_cver=1&google_push=Aer7DvJJPYZ0ryv_SRpb_Vo_Ft7qZo7M_VqlwpOTrVIEijmVO5Gy6tCGwJidzAGmhsbcBBz6kOBC83PF3lq4hZ3NanQqb7RPJVoGdxnZJvwodQ1Mi_Dgm3bE6-yXF1Bqfx-B62b8VJl2gKbPZQ
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 4fa99c30t7h29buv366a7s132i303foj

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB24
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=gv9fkCL1RcmtGAJreVurEg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=gv9fkCL1RcmtGAJreVurEg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvI6WV66zaNbmV4x9vfg_WiKoFPThGfOqb20Nq-qe2S9VGlVf3KhbX6Zq4G09HzsK2PgaCKWP56Ltr1DK3rimEQwaTOuF_PsWtHkQSJyCx0vT4wwZ3z8ET8PEbiisPRV9vdk6NUU5XmR

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=gv9fkCL1RcmtGAJreVurEg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvI6WV66zaNbmV4x9vfg_WiKoFPThGfOqb20Nq-qe2S9VGlVf3KhbX6Zq4G09HzsK2PgaCKWP56Ltr1DK3rimEQwaTOuF_PsWtHkQSJyCx0vT4wwZ3z8ET8PEbiisPRV9vdk6NUU5XmR
date: Sat, 15 Apr 2023 20:16:27 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB24
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEE7H9SZLznTgzA9p0DTJZqQ&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEE7H9SZLznTgzA9p0DTJZqQ&google_hm=ZDsGGgf6ZEzm1PFOOqEfGAAAFCoAAAAB&google_nid=index&google_push=Aer7DvJABsjDM60cfB1zYDoSLwdBS98bAghBP...

170 B
188 B

57ms
57ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEE7H9SZLznTgzA9p0DTJZqQ&google_hm=ZDsGGgf6ZEzm1PFOOqEfGAAAFCoAAAAB&google_nid=index&google_push=Aer7DvJABsjDM60cfB1zYDoSLwdBS98bAghBPXRelnvh0kwDwbPyf9XLY0ARSj-TZUGpp7RqiSrsQ9hKwi8P0wQlplGx06qfjevgWQQuHcd6ySXUiBW3tYKd0-mTLu_KWmJ4qKW30BaSxOcMCg

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Apr 2023 20:16:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEE7H9SZLznTgzA9p0DTJZqQ&google_hm=ZDsGGgf6ZEzm1PFOOqEfGAAAFCoAAAAB&google_nid=index&google_push=Aer7DvJABsjDM60cfB1zYDoSLwdBS98bAghBPXRelnvh0kwDwbPyf9XLY0ARSj-TZUGpp7RqiSrsQ9hKwi8P0wQlplGx06qfjevgWQQuHcd6ySXUiBW3tYKd0-mTLu_KWmJ4qKW30BaSxOcMCg
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame CB24 0
12 B 48ms
48ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JTSewDCW6tC_mGkL2TpZ0NBA77H9AiZlqpNic5cvrSOPYt-bt5i80OjHIIUOfUgir6bImv

Requested by

Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/7493198391404092334/css/ Frame B93C 6 KB
1 KB 41ms
41ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac2429c9dd60bbe0eeab4fb4322667db2a3566125b4a1d772c488381de05b9e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 09:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 471280
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1446
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Apr 2024 09:21:47 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame B93C 118 KB
40 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 20:35:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85250
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Apr 2023 20:35:37 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame B93C 95 B
122 B 40ms
40ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 07:23:03 GMT
x-content-type-options: nosniff
age: 46404
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 14 Apr 2024 07:23:03 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame B93C 6 KB
3 KB 40ms
40ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 12:18:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28674
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2563
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 14 Apr 2024 12:18:33 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame B93C 60 KB
24 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Apr 2023 20:16:27 GMT

GET
H3 200 bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js Show response
pagead2.googlesyndication.com/bg/ Frame 7A4D 36 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ec74085fc1675967497029f672a2da0a31815bc6792fd36c4da8086d1b20133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 10:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36404
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14296
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 14 Apr 2024 10:09:43 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A049 43 B
215 B 118ms
118ms Image
image/gif 2600:1f18:1aca:4281:ea73:294d:a09b:a42
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=a17ce71e-2a5f-d0fc-4266-3a4498606a66&tv=%7Bc:9T2Uv6,time:1053,type:e,im:%7Bpci:%7Btdr:1004%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:1053,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1047~0%5D,as:%5B1047~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:152,fm:tBwTndx+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a*.1352960-70224241%7C1a1%7C1b,idMap:1a*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:20,sis:565%7D&br=c
Requested by: Host: 3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
URL: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ea73:294d:a09b:a42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A049 0
0 77ms
76ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvmMb90bZrIp8SKgFTHeaI5Gq_HYZWHnXjssvWra45kRXl7ebauggKk1QgOEe-xjDAIuTjA_Ou1fALzjoEzP4jx7iqCKfCueuspUiUBA_RUu6rUZitrjAWRCegF2q8sAxCUJgmTdGnH6nvSX5A2rTfpendZAGQ3KAzXb5h0A7MS0Js6yw&sai=AMfl-YRQg_2VsDu2pErmSwIQJIHFiaRp91simnu-1mQqngnHkPYXPsL7qlvBqcu6SdyivFGUV0uSfUfqqjdYRLDXoFI_KVpzs8MNvmUVc4ediqKMxsXV-zlVP_MltjZarg&sig=Cg0ArKJSzDN7jVTPBsRoEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=535&vt=11&dtpt=283&dett=3&cstd=246&cisv=r20230412.02851&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 20:16:27 GMT

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame B93C 13 KB
13 KB 41ms
40ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 09:21:48 GMT
x-content-type-options: nosniff
age: 471279
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Apr 2024 09:21:48 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame B93C 12 KB
12 KB 44ms
44ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 09:21:48 GMT
x-content-type-options: nosniff
age: 471279
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Apr 2024 09:21:48 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame B93C 14 KB
14 KB 46ms
46ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 09:21:48 GMT
x-content-type-options: nosniff
age: 471279
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Apr 2024 09:21:48 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame E1A3 2 KB
816 B 40ms
40ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22105c51ef3cefac91beed7a89642951165c0e2f293c1c672572433e54cbf7b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:04:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 744
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 788
x-xss-protection: 0
last-modified: Tue, 04 Apr 2023 12:33:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Apr 2023 20:19:03 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E1A3 7 KB
6 KB 83ms
83ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b8193b7a68ebe87918f29389f7356e5490fd126912fcc761654551254c0cc19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5698
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 08B1 0
0 77ms
77ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv0Phy-EdcFNIzN_FsWLd2I8z_c9o0m2gMXPcmQxRbTsrJokiUIwuTYirD0ImURlUb8_ysjZWI7q7d75-z31kD2Tuuhmm21Nbk8NDfdUrdcCoE0VqK3fUc3UHsEC54_un0s3nWPvFMzcWqMxkW0iO8OOL7OHxBWF-67sNYCopTzGhnmYQrVjzGkB2AI4RNyy70mMEmpjmkaDbiPhsew3tFlpbiD0Lhe7-pS8zjbu06Iqm_eBPN5HkQaUkBfaX1_ddQm_73dwzT3-yrSo5DaSJG4Ojh62gxmOMXyJgaeadKPg1Uv8iQCZAaKZhF5XIecxguOe1w-XTaQkWqh3A7BdsVZg_baioBtS_2ZxAt9hTQEeNIKZBaFol7fDrj-s_NouABteOUaQu4B5Nr3-6YFUf_XhvMYx1OvKDGf-M0mjGj4t-us0XC_Gz1sErygrWiNr5yyDmCk0GwpLkP3SfKyQ2yLCdP761L49jpQxOt8Xkgu8i-WgaS1P3miPX_Rzr36Vdwpu0sc7N1DTjg5rrn8zCI2ltu_FB7ZpRapSDeLoVEnrj-TwUf-mF_cNVExfYhGnZcbybl3bGEomLH2CkhIVKnHjLpVdeC58bC3h5ZEI6VLJhGe3bj9gcqpK8gwZH55GD0HJsFpweJLUNWoLGiD21dMNZWZguE_Eze5dikRgDhk2ifBM1mByNyRvDIlJmZZKObcqUQQugjEzcEe55ZILV7Bsgp4VKg33K9wDDYSJ40DUOvWKbAOGJqkAnq9tTDxfMmzJPNbzL4BfrpM_XwRn7g3tjrLASoez78nHGWdHHibLvebkgnGq1ljFJQrAQYJuWTqjsdCTfNJvzmX1MCXh6aFx56IyhxIzK9sONoIiAQEqNceM0Vx2YGLl29b7WqzYO9GFXiZ4JscWgVu_VvEUo9TLAxj1OSQVAXHplH1fsw1O1IP3X15lz6cyP6sc5EPRyRBc8gA5nJJWiJtUVE6CRUM2x8SdZbizs39gpxoVT6zKOyTs9lV0gYF8Jk3z8vHVPc2m7dWOIerUqwBwvKL29PgwOrVn8MIrK4pgaTNZ42llInBm6RzdsDnWMmsf8UjcG-dBvtRs_7UT-IWWsMtGZatF4tCAjx7wMqK9unCG1coGZ9SNrS3BlSk9EDnPjJKCfHGxEMbGONQW6BoQzlIqwofsfORUBMht0g9AuvcfbTfJR5C4gkuTxESb96dsxI5iG1T4XgnllBhY1hwkAP4ywG2Wf482tSyGI2rwynNBQP-9iBpMoVdXwogVCxihga6fAzWQ7RfS_wDCm_ny-X0_4AyPdpKzs9gCgU&sai=AMfl-YTo41gdGLAJI4Ji7lDoHpxFkUpzrQHjufTbijnVSCNlpbVSqrBmQv-3merS_8fASQcTOGgIAyMYSYEtGDs3GSyYCgfyx_oV5ew72PQX284OfRo6WPqWfmS_ys9yB5STC6iAWjLH7xGuahnaZuvbNMR4ZwPH-dGkwY9ftlJpnk-jbeOcJn2FayQ0ruOz5ZVjpAD6n6WNZb84KM4Vpmhhz6rmyhshCVnM3nFtFskNgc8VaP7n-lAyGsHqQUU5UBMk8QEA7utkelBWmtV8EBsZazs8zN1r7qnp&sig=Cg0ArKJSzEkevGJtZmVbEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=302&vt=11&dtpt=217&dett=3&cstd=81&cisv=r20230412.30386&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: www.theatreinchicago.com
URL: https://www.theatreinchicago.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 20:16:27 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B93C 8 KB
6 KB 86ms
86ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6cc26f5a183ab11cf5b05b0cfd51dc7ac517761d126b478ea66bcb77ec9dbb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5810
x-xss-protection: 0

GET
H3 200 visual.jpg
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame B93C 84 KB
84 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/visual.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b438fcb0b6409866bcf245a57397590528a9db351cceb09953f27f9105069895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=0BOSedBYvu&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 09:21:48 GMT
x-content-type-options: nosniff
age: 471279
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86025
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Apr 2024 09:21:48 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7A4D 0
20 B 78ms
77ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BKK44GwY7ZPjNIIi99u8PhrWA-AoAAAAAOAHgBAI&bg=!paalpvLNAAZA7GLoYOw7ADkAdvg8WtydunOiuNzx8UP-96EsjHp_TJaAzMR6zZUaPAjgQ3mZaoy5araY8Pcj53C8Ix4JTgB3vi8CAAAAalIAAAACaAEHmQM3omM4QIuF9nkS3Ap_C6-J7N9H8QRXfiZL7QzQkePusXT4iZWgZcyHrReyKpZPJ8c_4SwcJnGdmBcZRqObzD1FDAYWk_NjKuu6I3Z_DX5Dk1go4X_QUjEyWoQyXFiGiEdgj_leZDz1HV9XBeyBJKgTylF0z4UnP4FkBWVAvnnvm90EKm9qadcpUzGzEUdmXg_JUCZzLz5UDm8Aiqt8JaLfiiPRf_iqOxpHiF9RJYK4oKVos1oN6LwR3ATONOkSU91YuL97BzmLa1zbFjaOqTREsUHlXPVyNgAVmWeaMbrQqsmr9oIBXDDhJK4ARP8Fr2Dqb6Fsu9N5AObdfbnqv_Z3coTA8bY030khyeDUBUFptn--DU7pRJwPBgp4HH08Hiwb5qlWzW1InFuAkAHWMIEUFrZNWcdrwgPrckLcMrhQhEAH0C_VK3FmD7DW_N_Igs5iCknqzF5WQmt46Y2igIqslwNbxZBri-diCrzK8fsCIQVx8KMAiHG-M5HUAsKtbvKvptO6WnK2r1dHn-uRT4XwcLzZakdZe_BSls0hK24JHOglDlrMGiUCBIAIyflphnHEqyV5SEzMGwwlWxFnrCgBSfshbJudWGTiQhPY3RRJOH6lnwraDaUUs7yjmHDyFFBiYAoCNNcQPAiue2Q8dEhtAXTSoVRQaYe4eKYVwx50O5U4LC18-GzwSwZdPVnEgODz4MmE59hFjVsc-boDV8x9VCGxsT9_-OHrMKj2siPiZcMPGROuMGN8O28CfpUkq77ToXoPH9OMozdozzTCwH5tML1HEORteXJMwYJl5MQ7Fm4KdHOZWPv9b89x70sXYwwy5Hl0Mt84HddaEYkPK5teV383zk7E0ZMKQwVc8opLdICS8_svgIVx1IGTYkkbkNqS7I0sqGp-5lTuV4uo3PNGFl6XkgvLS0p1TLcIPoIigGZgrt7pZkFo4DwpR6BSmcq7_L_VeOzV0kJmvzA926ATRms9Om5Mm7g2GsT9htFcHpstrzaAjv1_xonrHS9MnAen48d6w1vadO4s9_4lhdrvMjmc4shBysX9db9TnuSbdK8woGJ4bDR3zg8w-rvkXMWA7SDfJj24NQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 160x600_de-de_performance.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame E1A3 62 KB
17 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf035fa0bfc989035b3a60bd3384033c03a80a1ba4103a81d20e0bd053301e9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:14:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17856
x-xss-protection: 0
last-modified: Tue, 28 Mar 2023 08:23:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Apr 2023 20:29:28 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E1A3 17 KB
6 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 20:16:28 GMT

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame E1A3 4 KB
2 KB 53ms
52ms XHR
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/star_alliance.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3052cb4159c6c3da4cee05fc67f879dfc7c5cf59628a6fd37485cf4c685f60d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1840
x-xss-protection: 0
last-modified: Tue, 04 Oct 2022 11:00:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Apr 2023 20:31:28 GMT

GET
H3 200 lh_logotype_single.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame E1A3 5 KB
2 KB 40ms
40ms XHR
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_logotype_single.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:04:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 711
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2151
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Apr 2023 20:19:37 GMT

GET
H3 200 lh_crane.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame E1A3 2 KB
1 KB 41ms
41ms XHR
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_crane.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Apr 2023 20:25:50 GMT

GET
H3 200 NH_D_NA_San-Francisco-Bridge-Indian_160x600.jpg
s0.2mdn.net/creatives/assets/4703548/ Frame E1A3 45 KB
45 KB 42ms
42ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4703548/NH_D_NA_San-Francisco-Bridge-Indian_160x600.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cbfe5e000fe45bbf2766962a51448d2ecdda9cbf18b86ca52b743187e64a593

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:03:21 GMT
x-content-type-options: nosniff
age: 787
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46154
x-xss-protection: 0
last-modified: Tue, 08 Nov 2022 09:22:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Apr 2023 20:18:21 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B93C 17 KB
6 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 20:16:28 GMT

GET
H3 200 LufthansaHeadWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4714589/ Frame E1A3 50 KB
50 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4714589/LufthansaHeadWeb-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/14981401267596077774/index.html?e=69&leftOffset=0&topOffset=0&c=rb8MKWqa18&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 20:16:02 GMT
x-content-type-options: nosniff
age: 26
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51548
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 11:46:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Apr 2023 20:31:02 GMT

GET
H3 200 bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js Show response
pagead2.googlesyndication.com/bg/ Frame A0ED 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ec74085fc1675967497029f672a2da0a31815bc6792fd36c4da8086d1b20133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 10:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36405
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14296
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 14 Apr 2024 10:09:43 GMT

GET
H3 200 bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js Show response
pagead2.googlesyndication.com/bg/ Frame 5C42 36 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bsdAhfwWdZZ0lwKfZyotoKMYFbxnkv02xNqAhtGyATM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ec74085fc1675967497029f672a2da0a31815bc6792fd36c4da8086d1b20133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 10:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36405
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14296
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 14 Apr 2024 10:09:43 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A049 42 B
64 B 82ms
81ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuQEgstfZBKQB28f7cQt8uaL5-kr9lnz_YyqMG6fAPeAg3o1mp3fTxARUhOZwfn8E_-bYecsiLmkYvtEZBLkAHWQ0coR7YqVljY-4b6o4a9ZsGXPcOp43_C3a2ojk6Y6Wq5kHp9kQ&sai=AMfl-YQDBDxlYnzPIstPgn8b4jtphcip6gIusynTtvA6qgTMCZQgZWH8R2HYfFvL0MyhOueqmgH1R1AgoW7wg-XC3uuomEDqMPwTrbECORK7EKqxmYU93aPrD-ry530&sig=Cg0ArKJSzJTeoCpw-ddyEAE&cid=CAQSOwBygQiDiZ70hV6WTUVfMGYkxXumLwatV2Ij8zZsHqz2oePu_bmcy87gnzg_0l8ZFOAdkHB6pxITue9hGAE&id=lidar2&mcvt=1000&p=824,1324,864,1365&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230412&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2844659701&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681589786354&rpt=1040&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A72A 42 B
64 B 76ms
75ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvwRHa1UisYkDJpuDr9dhOeZb4WKOn32El6rUMxtRzLlzKTxCpGpVzliPA8EC7j2WFWcSSkbQBoDqFOlHP0rzBu1jaXT5DyEA0w9AIxo8zlJMUty_Kp&sig=Cg0ArKJSzAXxwvqzIHhLEAE&id=lidar2&mcvt=1000&p=692,230,1292,390&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20230412&bin=7&avms=nio&bs=1600,1200&mc=0.85&vu=1&app=0&itpl=3&adk=3804964394&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1681589787295&rpt=117&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.theatreinchicago.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 08B1 0
20 B 75ms
75ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9352822125855&version=m202301230201&ct=76&x=1&cor=7981432910268369000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A049 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1462922093364&version=m202301230201&ct=76&x=1&cor=4073998799587737000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A049 43 B
215 B 117ms
117ms Image
image/gif 2600:1f18:1aca:4281:ea73:294d:a09b:a42
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=a17ce71e-2a5f-d0fc-4266-3a4498606a66&tv=%7Bc:9T2UWC,pingTime:1,time:2759,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:20%7D,%7Bpiv:63,vs:pp,r:,t:1758%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:1758,n:0,pp:1001,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1751~0,0~50%5D,as:%5B1751~160.600%5D%7D%7D,%7Bsl:pp,t:1758,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:63,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~50%5D,as:%5B1001~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:125,fm:tBwTndx+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a*.1352960-70224241%7C1a1%7C1b,idMap:1a*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:20,sis:565%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ea73:294d:a09b:a42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 20:16:29 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.theatreinchicago.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: bfa7849ffbe3bf313b3d870c1051a54b
.theatreinchicago.com/	1970-01-20 20:42:29	Name: __utma Value: 200663403.606482521.1681589785.1681589785.1681589785.1
.theatreinchicago.com/	1969-12-31 23:59:59	Name: __utmc Value: 200663403
.theatreinchicago.com/	1970-01-20 15:29:17	Name: __utmz Value: 200663403.1681589785.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.theatreinchicago.com/	1970-01-20 11:06:30	Name: __utmt Value: 1
.theatreinchicago.com/	1970-01-20 11:06:31	Name: __utmb Value: 200663403.1.10.1681589785
www.theatreinchicago.com/	1970-01-20 20:42:29	Name: _omappvp Value: POnuEOHtYVqPNY2UEQaualJZLp0UlWlB7M29kBTcxGQgM4uUMyrWfgiaBIWTUzDfulL6tr883iqz4nbS9M0HekKacxEsGLnM
www.theatreinchicago.com/	1970-01-20 11:06:30	Name: _omappvs Value: 1681589785165
.theatreinchicago.com/	1970-01-20 20:42:29	Name: _ga_5VT249Q4NT Value: GS1.1.1681589785.1.0.1681589785.0.0.0
.theatreinchicago.com/	1970-01-20 20:42:29	Name: _ga Value: GA1.1.21846822.1681589785
.adnxs.com/	1970-01-20 13:16:05	Name: uuid2 Value: 1524293765486140697
.casalemedia.com/	1970-01-20 19:52:05	Name: CMID Value: ZDsGGgf6ZEzm1PFOOqEfGAAA
.casalemedia.com/	1970-01-20 13:16:05	Name: CMPS Value: 5162
.casalemedia.com/	1970-01-20 13:16:05	Name: CMPRO Value: 5162
.doubleclick.net/	1970-01-20 20:28:05	Name: IDE Value: AHWqTUkrFcco9Y_uOpPQRoU_iyVE0kysAsPsNSvOofkob39sKXueTowZnT9hoQR-ons
.theatreinchicago.com/	1970-01-20 20:28:05	Name: __gads Value: ID=46c99a883a5f64c1:T=1681589785:S=ALNI_Mb74rTJ6g6zi1VBqjSohpd1pcAsmQ
.theatreinchicago.com/	1970-01-20 20:28:05	Name: __gpi Value: UID=00000c02cf779876:T=1681589785:RT=1681589785:S=ALNI_MajuBoGoic7XABIObMoZSVpKPjUdQ
.adnxs.com/	1970-01-20 13:16:05	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTwek:pz!]tcw8i_iqf!oN/@E'zz<Z0Q>PI#PKVPz6QfG)FJ8PwxX^+Mb#0[77e?.E<QG=%9sk@3@'s>T/vl!)
.simpli.fi/	1970-01-20 19:53:32	Name: suid Value: 949C3ED6ACF848988517DA61DF7B0D84
.quantserve.com/	1970-01-20 13:16:05	Name: d Value: EFEBCQHhKIEA
.quantserve.com/	1970-01-20 20:36:44	Name: mc Value: 643b061b-a2481-2c832-cbf73
m.exactag.com/	1970-01-20 13:16:05	Name: exactag_new_gk Value: 8bf74db6747649159bde251c3ceb66a3%7c14.06.2023+20%3a16%3a27
m.exactag.com/	1970-01-20 15:25:41	Name: exactag_new_uk Value: e611c745d47a43a2b4c067e8336d872a%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 3c510839092b4f0d80f49ae5
.everesttech.net/	1970-01-20 19:52:05	Name: everest_g_v2 Value: g_surferid~ZDsGGwAC-hc_2AAp
.travelaudience.com/	1970-01-20 20:36:44	Name: _tracker Value: %7B%22UUID%22%3A%229BD4ECBD-48C7-43EC-9058-B28EDFF7A5DF%22%7D
.mathtag.com/	1970-01-20 20:32:24	Name: uuid Value: 2f41643b-061b-4e00-ad7f-ebaa392559ca
.mathtag.com/	1970-01-20 11:49:41	Name: mt_mop Value: 4:1681589787
.pubmatic.com/	1970-01-20 11:07:56	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 19:52:05	Name: KADUSERCOOKIE Value: 82FF5F90-22F5-45C9-AD18-026B795BAB12
.tribalfusion.com/	1970-01-20 13:16:05	Name: ANON_ID Value: aQnsIHo0P8fCmTN83vUCTOf8Ma0Zcotc3q5TrjZds9w1VhBg14PL2ZcPHlhlZdpxeFPyMLiQE13siCtXfPZaUva5Zaljdn

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3c424c4e627e823edfd1412cd06731f5.safeframe.googlesyndication.com
a.omappapi.com
a.tribalfusion.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
api.omappapi.com
bid.g.doubleclick.net
cm.g.doubleclick.net
cms.quantserve.com
dclk-match.dotomi.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
in.getclicky.com
m.exactag.com
maxcdn.bootstrapcdn.com
onetag-sys.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
region1.google-analytics.com
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
securepubads.g.doubleclick.net
ssl.google-analytics.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.getclicky.com
sync-tm.everesttech.net
sync.mathtag.com
sync.teads.tv
thtr-chi.com
tpc.googlesyndication.com
um.simpli.fi
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.theatreinchicago.com
104.111.217.42
104.17.148.185
108.177.15.156
142.250.184.226
142.250.185.194
142.250.186.66
151.101.130.49
185.29.134.244
185.64.189.115
185.80.39.216
2001:4860:4802:34::36
2400:52e0:1e00::1078:1
2600:1f18:1aca:4281:ea73:294d:a09b:a42
2600:9000:223f:8c00:8:48e:53c0:93a1
2606:4700:3036::6815:31fa
2606:4700::6812:18ad
2606:4700::6812:acf
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1450:4001:803::2001
2a00:1450:4001:803::2002
2a00:1450:4001:806::2002
2a00:1450:4001:806::2003
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2008
2a00:1450:4001:811::2006
2a00:1450:4001:813::2004
2a00:1450:4001:813::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::2008
2a00:1450:4001:831::2002
2a02:fa8:8806:16::1400
34.91.62.186
35.186.253.211
35.190.0.66
37.252.171.21
51.89.9.254
54.72.1.207
65.9.95.33
74.208.236.154
85.14.248.91
98.98.134.243
0108b8a2b607c155d0ee58a84f9e6b516c8507cf4a658980eae10043d0667f82
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
01de230100ff6ca985cde8be657583058e5616046a0a79f05361e89274d72685
02393e6c4d1934612af95f1a84117b135af46278f78b97124eae6536bb5b20d9
027c2027172321d6e83d4aaf70caa78667cb5bebbf55791aee309fd55994db3d
05847241ff210a75bee1d753219f23a43d629400251b3c73e5dd410a3953e199
08ff793f9402d67c66130ce6fd15a16b7201f2fc579f344d5bf63a93710643cf
0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767
0b22415e4dbc33efb82827aec6c16cc04b481b84ba903d19c76543dc671f939b
0b7ba61576b256d85f2eb4778ff2b773a85e79e5a3d53e2fd380fdc9afde9e7e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cf67a42bb48fba065918fca80854ed3117be8fe739d0b19492331f529e868d8
0eeb8b2025374b7e01734372458ddddedd9a97e0b9f9184ed5f2fd9d50d56f2e
0fec98a39e258bf2d0c18e1db83026eca6a93bb02a6b5a0a96a5841e8fdbaf61
103f4d3fbc08fff41f2ddb722186887b3d8977d2a7da27e7ed0f2f5752dc339f
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12c22a019c4fb90c00f25247aaf50758466a76250cbb297ade30b0756fa072d0
157acb48f0d2c4dc8d0b950af08fcf796e986d66d462f8face3d2244fb5eda18
19179e033857b424a0fa75ddd2552a90ce462c5163991dcd7df07bde205fafef
1a886b38e83029773dd01967838f7e269c133e8199541d7f1fbb86ac39d2ace5
1b7c72c344628a34a182360ce440015c963b40f8f06b85095800f5791217c629
20acf5d6867ff28c18e9ec81b2e3bd8e703b73e2024fc96768c0ce2a5ac6780e
22105c51ef3cefac91beed7a89642951165c0e2f293c1c672572433e54cbf7b6
24b99e2a2567df86791e59f85f8193eb6a228d37508a7cab00fb390a6d43597e
24d1767063307d54c7ae4f49b9d0f14d5c612648299e632eb5965dcf7769ce4f
266b00110d332a59a61f03ca966ca64c400947d3df49d9ae543738203e796268
26d9b6c44230968d81776300834750358ab5bdf35e7239385af3d503a4b584ca
26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5
2cbfe5e000fe45bbf2766962a51448d2ecdda9cbf18b86ca52b743187e64a593
2e6a2c48ddf656dd18431ca6f656e4d671a93141d2db4f304587d74280ecfbe4
2ea24df9a3e1eb05c5927721b875ac55379cb6f3ed2f89561ddd1002fa99ef2d
3100d491b841fa14ff6e424f20fdf84f0c815af85644b26e333aedad86eb7b79
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d7ec8dcd3d069ea9f87486f661754c6b51a44e1cb994a8b19352a02572cf41
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3408d5e5a86185a87d27c4cfdf941c94f6474efca8a232089eca3debb9266b0a
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
35f76a9b54a670b0bf14d5b99e194e6fbbc0f0e49d3c0f68d3e3d05843c5a07c
361e2a7c1190c0a950cf5b2885d72b6794215b7e3bafb6e5dc36aea2baaae68e
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
379d1c87f97cd7ef6e179508c9048cdf65c5458e1d4528efab7c0a0b86bfec19
3a0a0663352bcb92d46f373306fd1605e5ddd78fbca826a3a70611f3d490d917
3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143
46f3297cf1d30e9b63e0d60f70d3cb1f94b8b30f6d8aee71ef058dd3604e79f0
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f
4deaa32a7f20ab9d549968a8e5b90fce0e6a41cde8759aa1a83db16c98b7cd4c
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50d992dc35a3974d78fa1ade515401c4abfb683e9b61fb255e9ae9633517a41a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5b6c0871762d9a246e42e260bb7f84201667d496dada260d24d691c50f703ac7
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
63968bd2eb3010c82017befe42790225802cbf035d3168af76357ae85708bbfa
68aeb5c7e3370887367e72f5935462fd1362e82b7887eed0e4e230313f590ab8
68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f
6c6d900511c502a6d0b97a298ecab07040eb48a8756ec785beddb35006825f0a
6d905d34251ea961340ee754c1b4e01ae2d25f350b42152830067568abc10ad8
6d95ea547b0974a09d61104fa136f5eb6973466b6358fb06d997cc7f20ee71b2
6eb45ae63aad2f02ea07ea5e23ffbba9bd979e8a7d59b93b55a1133ea2862df7
6ec74085fc1675967497029f672a2da0a31815bc6792fd36c4da8086d1b20133
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445
7b9d31abe000e9fb35aaa9882c1df809cd4869ef2b0b9876d61f79941eef80fc
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85506787e85b4201c6cb65348b2f2584372d994197d872a63dfe28d434b2c870
8df63939e87e03d5f16d0890511315ab0aa86bf66e64dfffb9d637b1d4c85741
8e066aa29c41c912d3ac4c041f10f3945663694bc05e245f2f7bfda20c726568
92fa2c257df821f4d02c0e179b6de49863a0a47ea968344c51f70da4aa75f0ae
938e90a2d75092c915eb2e8b5d516cbcc470cac05bd0ad9ec8217df0d3b939ed
9521e9248df7d8a4bbe9c8052f273014560517a37e1aab0da71b61467d43922c
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b8193b7a68ebe87918f29389f7356e5490fd126912fcc761654551254c0cc19
9b9030ba856ef3a2628973bbd256c5d8d42f92f8685c87998a3d8d4e3e35f4bf
9ba7c5156c3fc4ecd08edac8051c5bab56f31f5d7683589a06690d816fa7f58d
9dbe012a3f8e152b859141ea837d22b6c204a02e35fbbd009e1aa58df426cfd4
9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da
9ead719662d12d46e58484bd0b7a00cc267edf5a0df7c4d4e67978f29d1d33e6
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a00370fffefaec742d1d42dfddf1049a7e78ef36e840115e93064e599e01ea2d
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2f3ef5fdaaa2e03483204b37e359c816a4845ad701a5b646464c3b15050a54a
a37c3b42cf2dc99fb8bc0b8ba1c9f78f80791827b98e8ae102ffe5a7fcd7b8f7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5593ee287dd4b1700d5da17311630731775218b9e980946477e185881b820dc
a5624d259af4072b555b675e012182fb05bab0132a19a7a9dc3a1f129bd734ac
a602822828a6abe77d97c2f186de73c937825db3513646072a9a7423cbafb6a1
a69f79d0a55e5070aeccadc35986cd16be219260fc35cef3a315c7f627b19870
aa74cca75286821b96ba27a9a06764471728404e07d42c5fc70cd1b2032be829
ac2429c9dd60bbe0eeab4fb4322667db2a3566125b4a1d772c488381de05b9e6
ad9cb56af4d809320d036a1c181d53c485ec78a6b619e2c532f29eeb05f2f7cc
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0acbc6bb0d564bfca20f76982415e529e5a662ce032154d19325d6533ea2420
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d
b3052cb4159c6c3da4cee05fc67f879dfc7c5cf59628a6fd37485cf4c685f60d
b438fcb0b6409866bcf245a57397590528a9db351cceb09953f27f9105069895
b6cc26f5a183ab11cf5b05b0cfd51dc7ac517761d126b478ea66bcb77ec9dbb9
b7f25ce329ecc549b36303027e3d16492524b1e19d0357c07b157d94d961f125
bc135e2646aa48c5ffe889bbf1ea3dd0a6073cb6a3666b2d92415bd391678eb1
bd9343e493cd44c5213f0af31541550cfeaf0590f1f1998c0f1876c7746b4e43
bf6f95ec82703a1d6bf735c74dbf7fafe73a246b8cbad6bdf8f2b24f454b4688
c08b857e67f202ceb9d0fd96b256d6fd597229cc67c3596dc8d860d444032342
c8401d267b771261f21a9d00951d93ccee54bbc2d910433f86b7c5b975060b4c
c928e1245a631b7a54428fe8bc128e68a0df9328a08b4caf902b01ade3922ec6
cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
cf035fa0bfc989035b3a60bd3384033c03a80a1ba4103a81d20e0bd053301e9a
d08aa5fe6131891425c044dd702f43f2ecf647100e35173a102fe03fe49b0270
d6800a1517c5b1d21989025f70a5403ff01ddb14e32805c1bea33e71e578096b
d6d46477991976d7a536bf82b4d2da4c385072f52a028ea9b1b8cad35a5a6d03
d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310
daa80cefbd2fdeeb84087c2dc6addc813e460e2f1529ec56f52ee56f152e3ed9
dc890bd64ee80dd53b6f7ca93f2386526f489708c1ef3656f272c0a439394cc1
e06787d09c0170febea7e8d6ec75107fd88e6875072fdab051f36494e4a9784c
e15f0fa6b82b838ca3322606feac152fe748bcfef6b2ef009ab92b38d1046909
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5b4655e2fac9e5887dfc63e54a5ea312f8779ad2a4316765a690c5177ef1acc
e731c3fffee43e126f68c44220752e466f3ab4ae664c9409c495ed7ca6a096ad
ed085d3263a9d67c1f4e54f89c50b3755b1feeb9d70ee08fe855d630850f800e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6d64d5a48a5bb376669ef86426e511b9d6d13b461d48b9b850c29fa107c77f
f13f1b0c4ad2befcc9c5a606098f2c676dd386b82434c9e7048e336bacb94482
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f678e256584e843feb8b927123eac8bbd5d98c4906eb713edcd04105ff063259
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
f77582bed375bcc38f36c2b1a15e9deb97f387905b0c087a77448add795cd0c2
fb7ff7e94545aa1040e144c21c3a1a8de87c62f77e009dbd36ec6fba0855e0e4
fe478891e3324449c9e35417d902b8d894eaf628103718cac2d5b2f0ce4596c3
ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884
ffe9f5af1f80a9ba2f3208eb78ffcc24421bdbdd2964fa9799e055091a0970f8

www.theatreinchicago.com Open in urlscan Pro 74.208.236.154 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

244 Requests

92 %HTTPS

53 %IPv6

32 Domains

47 Subdomains

37 IPs

8 Countries

3124 kBTransfer

6620 kBSize

31 Cookies

7 Outgoing links

Page URL History

Redirected requests

244 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.theatreinchicago.com Open in urlscan Pro
74.208.236.154 Public Scan

Screenshot
Live screenshot

Full Image

244
Requests

92 %
HTTPS

53 %
IPv6

32
Domains

47
Subdomains

37
IPs

8
Countries

3124 kB
Transfer

6620 kB
Size

31
Cookies

244 HTTP transactions
7 data transactions